Skill v0.1.0
ClawScan security
Gitea · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 11, 2026, 9:28 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper around the official tea CLI and its install/runtime requirements align with the stated purpose.
- Guidance: This skill is coherent: it simply shows how to use the tea CLI to interact with Gitea. Before installing/using it: (1) ensure you trust the Homebrew or Go source used to install tea; (2) be aware that tea commands (e.g., actions secrets list) will access repository secrets/metadata if your configured login has permission—only add tokens you trust and store them securely; (3) the SKILL.md mentions using jq for filtering but doesn't declare it as required, so install jq if you need to run the example pipeline; and (4) if you are uncomfortable with the agent invoking the skill autonomously, restrict user-invocation or review calls the skill makes that perform write actions (e.g., creating PRs/issues) before allowing them.
Review Dimensions
- Purpose & Capability: ok. Name/description describe using the tea CLI for Gitea operations; required binary (tea) and install methods (brew or go module code.gitea.io/tea) match that purpose and are proportionate.
- Instruction Scope: ok. SKILL.md only shows example tea commands (pulls, pr, issues, actions, api, login). It does not instruct reading unrelated files, accessing unrelated env vars, or sending data to unknown endpoints. It does mention using jq for local filtering but does not claim jq is required.
- Install Mechanism: ok. Installers are standard: Homebrew formula 'tea' and a Go module from the official code.gitea.io path. Both are expected ways to obtain the tea CLI and are not high-risk download-from-arbitrary-URL installs.
- Credentials: ok. No environment variables or credentials are declared. The skill demonstrates using a Gitea token via 'tea login add', which is appropriate for interacting with Gitea and does not request unrelated secrets.
- Persistence & Privilege: ok. Skill does not request always: true and does not modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but is not excessive for this kind of integration.
