Mission Control
Security checks across malware telemetry and agentic risk
Overview
Mission Control is mostly aligned with its task-board purpose, but it gives persistent webhooks and GitHub credentials meaningful control over the agent while making some credential-storage and webhook-verification claims that are not fully supported by the artifacts.
Review the credential model before installing: use dedicated least-privilege GitHub tokens, configure a real webhook secret, restrict dashboard/repository access to trusted users, and be comfortable with a persistent webhook that can wake the agent when tasks are moved to In Progress.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can create or edit tasks and move them to In Progress may be able to direct what the assistant works on.
Task descriptions entered through the dashboard or repository can become work orders for the agent without a separate prompt at execution time.
the agent executes them automatically when moved to "In Progress"
Use this only with trusted task authors, restrict repository/dashboard access, and keep the agent sandbox and approval settings enabled for sensitive actions.
The skill can use an existing GitHub login token from the local machine, which may grant broad repository access depending on how the gh CLI was authenticated.
The transform reads the local GitHub CLI auth file and uses the extracted OAuth token for GitHub API requests. This is high-impact account credential access, while the registry metadata declares no primary credential or required environment variables.
const tokenFile = config.secrets.githubTokenFile; ... const ghConfig = readFileSync(tokenFile, 'utf8'); ... if (token) headers['Authorization'] = `Bearer ${token}`;
Use a least-privilege GitHub token dedicated to this dashboard, confirm which token file is configured, and avoid installing until the credential requirements are clearly declared.
A user may underestimate the risk of pasting a GitHub token into the dashboard, especially if the page is hosted on GitHub Pages or used on a shared browser profile.
The artifacts make conflicting claims about whether the dashboard stores tokens. A token kept in browser localStorage is sensitive credential storage and should not be described as "no credential storage".
README: "No tokens or secrets stored in the dashboard"; docs/HOW-IT-WORKS: "Uses GitHub Personal Access Token stored in browser localStorage."
Clarify the token-storage model before use, prefer fine-scoped and revocable tokens, and remove the token from browser storage when no longer needed.
If the webhook secret is not configured, the system relies on other gateway protections and may process webhook-like requests without proving they came from GitHub.
The HMAC verifier accepts webhooks without signature validation when the secret file is missing, while other documentation presents HMAC validation as a security mitigation.
if (!existsSync(secretFile)) return true; // No secret = skip validation
Require a GitHub webhook secret during setup, fail closed when the secret is missing, and document clearly when HMAC verification is disabled.
The skill is not just a static dashboard; after setup it can continue reacting to repository changes and waking the assistant.
Setup installs a persistent hook transform into the Clawdbot/OpenClaw hooks directory so future GitHub push events can wake the agent.
cp <skill>/assets/transforms/github-mission-control.mjs \
  ~/.clawdbot/hooks-transforms/
Install it only if you want ongoing webhook-triggered agent activity, and know how to disable the hook mapping or remove the transform.
Task titles, descriptions, comments, and status changes may traverse several services as part of normal operation.
The intended design passes task details through GitHub, a public webhook tunnel, the local gateway, and optionally Slack notifications.
GitHub sends webhook to Tailscale Funnel URL ... Transform calls `/hooks/agent` to wake agent with work order
Avoid putting secrets in task text, restrict who can view the repository/dashboard, and configure Slack/GitHub/gateway tokens with least privilege.
