Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub Push CN

v1.0.0

Secure GitHub push automation with auto SSH and remote config. Use when git push, automated push, or conflict handling needed.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (GitHub push automation) aligns with the code and docs: it manipulates git, configures remotes, and performs pushes. However, some claims are questionable or under-specified (e.g., 'auto-create repo if it doesn't exist' requires GitHub API access and credentials, but the skill declares no such credential). Re-initializing by removing an existing .git directory (documented in the code) is surprising for a typical 'push' helper.
Instruction Scope
Runtime behavior includes reading the user's home (~/.ssh), invoking ssh-add to load private keys, manipulating git config (user.name/email), removing .git (shutil.rmtree) and re-initializing repositories, staging/committing, pulling/rebasing and force-pushing. These are powerful, potentially destructive filesystem and credential operations that go beyond a passive 'push helper' and are not gated by strong user confirmation in the docs.
Install Mechanism
No remote install or third-party downloads—this is contained in the shipped code. That lowers supply-chain risk compared to network installs. The skill executes local subprocesses (git, ssh-add) which are expected for this function.
Credentials
The skill requests no declared env vars but reads and acts on sensitive local material: it auto-detects and will auto-load private SSH keys from ~/.ssh into the ssh-agent. Access to SSH keys and removal of .git are high-impact operations and should be explicitly declared and justified. The lack of declared credentials or clear safeguards is disproportionate to what the metadata states.
Persistence & Privilege
The skill does not set 'always' and is user-invocable, but it performs persistent/modifying actions on the user's repository state (deleting .git, changing remotes, configuring user.email/name). Those modifications affect local data and history and are not limited to a sandbox—this is higher privilege than a read-only helper.
What to consider before installing
This skill can perform destructive changes and touch private SSH keys. Before installing or running:
1) Review the script lines that remove .git and that call 'ssh-add'. Back up any repositories (copy the .git directory) and never run it on a production repo.
2) Prefer running with --dry-run first and inspect the computed file list.
3) Check that you understand and consent to auto-loading private keys into your ssh-agent; consider using a dedicated key with limited access.
4) Be cautious about the 'auto-create repo' claim: the package supplies no GitHub API token handling, so verify how repository creation is actually implemented.
5) If you intend to let an autonomous agent use this skill, restrict agent permissions and test in an isolated environment.
If anything is unclear, ask the author for explicit confirmation of destructive steps and for safeguards such as explicit user confirmation before removing .git or doing force-pushes.
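One way to make step 1 concrete, as an added example that is not part of this listing, of ClawHub's scanner, or of the skill's own code: a small static audit in Python that scans a skill's source for the operation classes the scan report names (ssh-add invocation, ~/.ssh reads, .git removal, force-push, identity and history rewrites) and reports each hit with its line number, so a reviewer can go straight to those lines before deciding whether to install. The regex rules and the sample skill source are constructed assumptions about how such a push helper is typically written; they do not reproduce the actual skill.

```python
"""Pre-install audit of a skill's Python source for the operation classes the
scan report flags. Added example: not the skill's code and not ClawHub tooling.
"""
import re
from dataclasses import dataclass

# Rule table: (name, pattern, severity). The patterns are an assumption about
# how such a push helper is typically written; they catch the obvious spellings
# only, so a hit is a place to read by hand and a miss proves nothing.
RULES = [
    ("ssh-key-load", re.compile(r"\bssh-add\b"), "high"),
    ("ssh-dir-read", re.compile(r"~/\.ssh|\.ssh/"), "high"),
    ("git-dir-removal", re.compile(r"rmtree\([^)]*\.git|rm\s+-rf\b[^\n]*\.git"), "high"),
    ("force-push", re.compile(r"push\b[^\n]*(--force-with-lease|--force|-f\b)"), "high"),
    ("identity-rewrite", re.compile(r"config\b[^\n]*user\.(name|email)"), "medium"),
    ("history-rewrite", re.compile(r"\b(rebase|reset\s+--hard)\b"), "medium"),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line_no: int
    text: str


def audit_source(source: str) -> list[Finding]:
    """Return every rule hit in `source`, one Finding per (line, rule)."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comments never execute
            continue
        for name, pattern, severity in RULES:
            if pattern.search(line):
                findings.append(Finding(name, severity, line_no, line))
    return findings


def risk_summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'medium': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def requires_confirmation(findings: list[Finding]) -> bool:
    """True when any high-severity operation is present: do not let an agent
    invoke the skill unattended until each such line has been reviewed."""
    return any(f.severity == "high" for f in findings)


def render_report(findings: list[Finding]) -> list[str]:
    """Human-readable lines: line number, severity, rule, offending source."""
    return [f"{f.line_no:>4}  [{f.severity:<6}] {f.rule:<18} {f.text}" for f in findings]


# Constructed sample resembling the behaviour the scan describes (not the
# skill's real source): key auto-load, .git removal, identity rewrite, force push.
SAMPLE_SKILL = '''\
import os, shutil, subprocess

def setup_ssh():
    for name in os.listdir(os.path.expanduser("~/.ssh")):
        if name.startswith("id_") and not name.endswith(".pub"):
            subprocess.run(["ssh-add", os.path.expanduser("~/.ssh/" + name)])

def reinit(repo):
    # start over if the repo is in a bad state
    shutil.rmtree(os.path.join(repo, ".git"))
    subprocess.run(["git", "init"], cwd=repo)
    subprocess.run(["git", "config", "user.email", "bot@example.invalid"], cwd=repo)

def push(repo):
    subprocess.run(["git", "pull", "--rebase"], cwd=repo)
    subprocess.run(["git", "push", "--force", "origin", "main"], cwd=repo)
'''

if __name__ == "__main__":
    found = audit_source(SAMPLE_SKILL)
    print("\n".join(render_report(found)))
    print("summary:", risk_summary(found), "needs confirmation:", requires_confirmation(found))
```

Running the module prints the report for the constructed sample; point `audit_source` at the files in the downloaded skill before installing. A `requires_confirmation` result of True is the cue to add the explicit confirmation gate the report asks for, or to decline the skill. A regex audit is a triage aid only: read the flagged lines and their callers by hand, since a trivially rewritten call (a variable holding the command name, a path built at runtime) will not match.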

Like a lobster shell, security has layers — review code before you run it.

latestvk97ad3hd8kdnx6s0jx7ynr65s983ah8y
