Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gist-post

v1.0.1

Post content to GitHub Gist and get back a shareable URL. Rich context sharing between agents, operators, and humans.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to post gists and the SKILL.md describes using the GitHub CLI and a GITHUB_TOKEN. However, the registry metadata lists no required environment variables or primary credential and no required binaries — this is inconsistent: a GitHub PAT (GITHUB_TOKEN) and the `gh` CLI are necessary for the described functionality.
Instruction Scope
The SKILL.md stays on-purpose: it tells the agent to run `gh gist create` (via exec) to post content and return the gist URL. It does not instruct reading unrelated files or exfiltrating data to unexpected endpoints. Using exec to run commands is expected for an instruction-only CLI-based skill.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which is the lowest-risk install model. The README suggests installing `gh` via system package managers, but the skill itself does not perform any downloads or installs.
Credentials
The SKILL.md and README require a GitHub Personal Access Token with the `gist` scope (GITHUB_TOKEN) and suggest adding it to shell profiles, but the skill metadata does not declare this required env var or a primary credential. That omission is disproportionate and may cause accidental misconfiguration or token leakage if users follow the README recommendations without knowing the skill expects the token.
Persistence & Privilege
The skill does not request permanent presence (`always` is false), does not modify other skills or system-wide settings, and does not declare config paths. Normal autonomous invocation is allowed (the platform default), but that by itself is not a reason to deny the skill.
What to consider before installing
This skill appears to do what it says (post content to GitHub Gist), but the registry metadata omits key runtime requirements. Before installing:

- Expect to provide a GitHub Personal Access Token with only the `gist` scope (set GITHUB_TOKEN). Treat the token as sensitive.
- Ensure the agent will prompt you before posting any content; autonomous posting could leak sensitive data. If you want manual confirmation, require explicit user approval in agent settings.
- Install the `gh` CLI on hosts that will run this skill. The skill assumes `gh` is available and will use the `exec` tool to run it.
- Prefer `--secret` for sensitive content and audit any gists created to ensure they don't expose private data.
- If you plan to publish this skill in a shared registry, ask the author to update the skill metadata to declare the required GITHUB_TOKEN and the dependency on `gh` so the requirements are transparent.
