GitHunt
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your location, role, and skill search terms may be sent to githunt.ai to retrieve ranked GitHub profiles.
The helper script sends the user’s search parameters to the GitHunt API. This is expected for a developer-search skill, but it means search criteria are shared with an external service.
curl -s -N -X POST "$API_URL/rank/users/stream" ... -d "$payload"
Use the skill only for searches you are comfortable sending to the GitHunt service, and review the service’s terms/privacy practices if that matters for your workflow.
The helper script may fail or behave differently if required local tools are unavailable, but no hidden installation or remote code execution is shown.
The included helper script depends on local command-line tools such as curl and jq, while the registry requirements list no required binaries. This appears to be an under-declared but purpose-aligned helper dependency.
response=$(curl -s -X POST "$API_URL/rank/users" ... --compressed 2>/dev/null) ... jq -r
If using the script rather than the documented curl examples, make sure curl and jq are installed and inspect the script before running it.