github-image-hosting

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is coherent and does what it claims, but users should notice that it uploads images to a third-party host and can post or edit GitHub content through the local GitHub CLI.

Before installing or using this skill, make sure you are comfortable sending selected images to img402.dev and publishing the resulting link in GitHub. Review screenshots for sensitive information, and verify the GitHub target before allowing gh to edit a PR body or add a comment.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the screenshot contains private information, it may be exposed through the hosted image URL for the documented retention period.

Why it was flagged

The workflow sends the selected image or screenshot to an external image-hosting provider and returns a hosted URL for embedding.

Skill content

curl -s -X POST https://img402.dev/api/free -F image=@/tmp/screenshot.png

Recommendation

Review screenshots before uploading, avoid secrets or private data, and remember the hosted link is not suitable for permanent or confidential documentation.

What this means

Running these commands can publish or modify GitHub content as the currently logged-in GitHub user.

Why it was flagged

The documented GitHub integration can edit PR descriptions or add PR/issue comments using the local gh CLI’s authenticated GitHub identity.

Skill content

gh pr edit --body ...; gh pr comment --body ...; gh issue comment 123 --body ...

Recommendation

Confirm the repository, PR or issue number, and comment/body content before using the gh commands.