Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wip Repo Permissions Hook
v1.9.68
Repo visibility guard. Blocks repos from going public without a -private counterpart.
by Parker Todd Brooks (@parkertoddbrooks)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the requested binaries and code: node for running the tool and gh (GitHub CLI) for GitHub API access. The package installs a CLI binary that implements the described checks. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
SKILL.md and the code limit behavior to checking GitHub repos (via gh) and blocking gh repo edit --visibility public flows when used as a PreToolUse/Bash hook. The guard reads PreToolUse JSON on stdin and only inspects Bash commands; it allows by default if input is unparseable. It does not read or exfiltrate arbitrary files or environment variables. Note: the hook only detects the specific gh repo edit --visibility public pattern; other ways of changing visibility (web UI, other gh subcommands) are not intercepted.
Install Mechanism
Install is via npm package '@wipcomputer/wip-repo-permissions-hook' (node-kind install) which is a normal, traceable distribution channel. No ad-hoc downloads or obscure URLs are used. The package has a declared dependency (@modelcontextprotocol/sdk) installed from npm.
Credentials
The skill requests no environment variables, which is reasonable. It does require a working gh CLI session — i.e., the user (or environment) must have gh authenticated with appropriate GitHub scopes (repo read) for API calls to succeed; this credential lives in gh's own configuration rather than as an env var. Confirm the gh token's scopes before granting system-wide hooks.
Persistence & Privilege
The always flag is false and the skill is user-invocable. Installing as an OpenClaw/Claude hook or copying into an extensions folder is expected for this functionality. The skill does not modify other skills' configurations and does not request an always-on privilege.
Assessment
This tool appears to do what it says: it uses the GitHub CLI to check for a {repo}-private counterpart and can be installed as a PreToolUse hook to block specific gh commands. Before installing: (1) review the package source on the publisher's repo/npm page and confirm the publisher is trusted, (2) ensure your gh CLI is authenticated and that the token has only the minimum scopes required (read access to repos), (3) test the hook in a non-production environment because it intercepts tool runs and can block visibility changes, and (4) be aware the hook only looks for the specific 'gh repo edit ... --visibility public' pattern — it won't stop visibility changes made via other means (e.g., GitHub web UI) unless those flows are also routed through the same tool/hook.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
core.mjs:31: Shell command execution detected (child_process).
latest: vk972qzxgpbf6jkt7wkp20cc78s841kz4
Runtime requirements
Clawdis
Bins: node, gh
Install
Install via npm
Bins: wip-repo-permissions
npm i -g @wipcomputer/wip-repo-permissions-hook