Deploy Public
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This repo-publishing skill mostly matches its purpose, but it needs review because it can delete every non-main branch in the public GitHub repo and contains signs of an under-disclosed npm publishing path.
Use this only after reviewing the script and target repo carefully. It will publish almost all private repo contents to a public GitHub repo using your GitHub login, can delete remote branches, and may contain npm publishing behavior; run secret scans, restrict credentials, and require manual approval for destructive or public release actions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill could remove unrelated work branches from the public repository, potentially disrupting collaborators or losing branch state.
The cleanup step selects every branch except main and deletes it through the GitHub API, rather than limiting deletion to the branch created by this deploy run.
STALE_BRANCHES=$(gh api "repos/$PUBLIC_REPO/branches" --paginate --jq '.[].name' 2>/dev/null | grep -v '^main$' || true) ... gh api -X DELETE "repos/$PUBLIC_REPO/git/refs/heads/$stale"
Restrict deletion to the exact deploy branch or a clearly defined deploy prefix, and require an explicit user confirmation before deleting any remote branches.
The skill may publish packages or sub-tools to npm using local npm credentials, which is a high-impact public release action outside the clearly documented workflow.
Visible script comments indicate an npm publishing path, but the skill description and README describe GitHub repo/release syncing, not package-registry publication.
STILL fall through to the npm publish step below ... sub-tool versions can bump ... classify_npm_publish_error
Review the full npm section before use, document npm publishing explicitly, declare required npm credentials/tools, and require user approval before any package publish.
The skill will act with whatever GitHub permissions are available to the local gh login, so a broad-scoped account can make broad public changes.
The script relies on the GitHub CLI's authenticated account to create public repos, merge PRs, and create or edit releases.
gh repo create "$PUBLIC_REPO" --public ... gh pr merge "$PR_NUMBER" -R "$PUBLIC_REPO" --merge --delete-branch ... gh release create "$TAG" -R "$PUBLIC_REPO"
Use a minimally scoped GitHub account or token, verify the target repo before running, and understand that the skill can publish and mutate repository state.
Any private file not covered by the exclusions, such as secrets, internal docs, or configuration, could be pushed publicly.
The intended behavior copies almost the entire private repository into a public mirror, excluding only specific paths.
rsync -a --exclude='ai/' --exclude='_trash/' --exclude='.git/' --exclude='.DS_Store' --exclude='.wrangler/' --exclude='.worktrees/' --exclude='.claude/' --exclude='CLAUDE.md' "$PRIVATE_REPO/" "$TMPDIR/public/"
Audit the private repository, run secret scanning, review the generated PR diff, and add explicit excludes before publishing.
Users may run the skill in an environment that is missing undeclared tools or uses unexpected local tool versions.
The script invokes node and rsync, while the declared requirements list only git, gh, and bash.
CURRENT_VERSION=$(cd "$PRIVATE_REPO" && node -p "require('./package.json').version" 2>/dev/null || echo "") ... rsync -a
Declare all required binaries, including node and rsync, and document expected versions or fallback behavior.
