ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

github-skill-manager

v1.0.3

管理来自 GitHub 仓库的技能。用户要安装技能、检查技能更新、更新已安装技能、卸载技能,或提到注册技能、GitHub 技能、REGISTRY.yaml 时,优先使用此技能。

0· 47·0 current·0 all-time
byAn Jing@qvshuo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is explicitly a GitHub-based skill manager and its instructions use the gh CLI and GitHub tarball/contents APIs — this is appropriate for the stated purpose. Minor inconsistency: SKILL.md requires an authenticated gh CLI (gh auth status) but the skill metadata lists no required binaries or primary credential.
Instruction Scope
SKILL.md limits actions to downloading/extracting repo archives, copying skill directories into skills/{skill-name}/, and updating skills/skill-manager/REGISTRY.yaml. It does not instruct reading unrelated system files or sending data to external endpoints other than GitHub, and it includes safety checks (don't overwrite existing directories, check for uncommitted changes).
Install Mechanism
This is an instruction-only skill with no install spec and no archives pulled from arbitrary servers; downloads are via GitHub repository tarballs (gh api), which is an expected and lower-risk source for this purpose.
Credentials
The skill relies on gh being installed and authenticated (gh auth status). That implies use of locally-stored GitHub credentials (gh's OAuth/token). The manifest does not declare this dependency or any required env vars; while expected for GitHub operations, users should be aware the skill will use whatever gh credentials are configured on the host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configurations beyond adding/removing entries in its own REGISTRY.yaml, and its filesystem writes are scoped to skills/{skill-name}/ and skills/skill-manager/REGISTRY.yaml as described.
Assessment
This skill appears to do what it says: manage skills stored in GitHub repositories using the gh CLI. Before installing or letting an agent use it, ensure: (1) you have gh installed and authenticated (run gh auth status); (2) the GitHub account/token used by gh has only the minimum required scopes you accept, because the skill will use your gh credentials to fetch repos; (3) you trust the source repository before installing a skill (installing writes files that the agent may later execute); (4) keep backups of skills/ and skills/skill-manager/REGISTRY.yaml, and review the repo contents (or a commit SHA) before installation. Note the manifest omission: the skill expects gh but does not declare it — consider adding that requirement or verifying gh is available before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ve65fprwv5jwpgpjq0nb3184sf1k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments