Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Github Local

v1.0.0

Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.

by @morrison230 · fork of @steipete/github (1.0.0)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly instructs the agent to run the GitHub CLI (gh) commands, but the skill metadata declares no required binaries. Additionally, registry metadata (slug/owner) differs from values inside _meta.json (slug 'github' vs registry 'github-local', owner IDs differ). These mismatches are inconsistent with a well-formed skill and reduce trust in origin and intent.
Instruction Scope
The runtime instructions are limited to gh CLI commands (pr/checks, run list/view, gh api queries, JSON output). They don't instruct the agent to read unrelated files, access system paths, or call unexpected external endpoints. Using gh api allows arbitrary GitHub API calls, which is expected for this skill.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest installation risk. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
The skill declares no required environment variables, but interacting with GitHub via gh typically requires authentication (gh auth, GH_TOKEN, or authenticated client config). The lack of declared credential requirements is not necessarily malicious, but it is an omission: the skill doesn't state how authentication is expected to be provided.
Persistence & Privilege
The skill does not request persistent presence (always:false) and does not declare actions that modify other skills or agent-wide config. Agent autonomous invocation is allowed (platform default) but is not by itself a red flag here.
What to consider before installing
This skill appears to be a straightforward set of instructions for using the GitHub CLI, but there are a few inconsistencies you should consider before installing or allowing it to run with credentials:

- Verify origin and metadata: the registry metadata and the bundle's _meta.json disagree on slug/owner and there is no homepage or source listed. If you require provenance, ask the publisher to clarify and fix metadata.
- gh dependency: the SKILL.md assumes the gh CLI is available. Confirm gh is installed on the agent environment, or ask the skill author to declare it as a required binary. Without gh the instructions won't run.
- Authentication: the skill doesn't declare any required env vars, but gh commands need authentication (gh auth login, GH_TOKEN, or stored config). Don't provide tokens unless you trust the skill and the agent's execution context. If you want to be safe, run the skill in an environment without GitHub credentials or with least-privilege tokens.
- Command scope: the provided examples are read-only (checks, list, view, api queries), but gh can also modify state (create/merge PRs, post comments). Review or restrict which gh subcommands the agent may run, and audit any commands that would change repos.

If you need higher assurance, request that the publisher: (1) supply a valid source/homepage, (2) correct the _meta.json/registry metadata mismatch, and (3) explicitly declare required binaries and any environment variables needed for authentication. Until those are resolved, treat the package as untrusted for sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.
