Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gist Share

v1.0.1

Post content to GitHub Gist and get back a shareable URL. Rich context sharing between agents, operators, and humans.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The skill claims to post gists (which legitimately needs the GitHub CLI or API and a PAT with gist scope), but the registry metadata lists no required binaries or environment variables. That mismatch is incoherent: a gist-posting skill reasonably needs a GITHUB_TOKEN and gh (or equivalent), yet those are not declared in the package metadata.
Instruction Scope (flagged)
SKILL.md explicitly instructs the user/agent to set GITHUB_TOKEN and to run gh via the exec tool, and it suggests adding the token to shell startup files (e.g., ~/.zshrc). It does not instruct reading unrelated files, but it does encourage persistent storage of a secret and execution of shell commands — both of which broaden the data and file scope beyond a purely ephemeral, in-session operation.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which reduces direct install-time risk. The doc suggests installing gh via platform package managers (brew/apt) — standard and expected for this functionality.
Credentials (flagged)
The instructions require a GITHUB_TOKEN with the gist scope (appropriate for creating gists) but the skill metadata does not declare any required environment variables or primary credential. Asking the user to place a PAT in global shell profiles is disproportionate from a safety standpoint because it makes the secret broadly available to other processes and future sessions.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills, which is good. However, the setup guidance suggests persisting the PAT in shell startup files, which creates long-lived credential availability outside the skill's control. Combined with normal autonomous invocation, a persisted token increases blast radius — the skill itself does not enforce or require persistence, but the doc encourages it.
What to consider before installing
This skill's purpose (posting gists) is reasonable, but the SKILL.md and the package metadata disagree: SKILL.md requires the gh CLI and a GITHUB_TOKEN (PAT) and even suggests adding it to your shell profile, while the registry metadata lists no credentials or binaries. Before installing/using:
1. verify the skill repository and author trustworthiness;
2. prefer using gh auth login or the gh credential store instead of echoing a PAT into ~/.zshrc;
3. if you must use a PAT, create a token with only the gist scope, make it short-lived or rotate it frequently, and avoid persistent storage in global shell profiles — set it only in the session where you post the gist;
4. never post secrets or sensitive data to public gists (secret gists are unindexed but still accessible by URL);
5. if you allow agents to invoke skills autonomously, restrict tokens to minimal privileges or avoid storing them persistently so a compromised agent or process can't reuse them.

