Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub Digest

v1.0.0

Generate a structured GitHub repo digest with briefing summary, categorized changes (breaking/major features/minor features/bug fixes), community discussions...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (GitHub repo digest) align with the runtime instructions: the workflow uses the GitHub CLI to list releases, PRs, and issues and formats a digest. However, SKILL.md requires the 'gh' CLI (and uses 'jq' in its examples), while the registry metadata declares no required binaries; this mismatch should be resolved.
Instruction Scope
Instructions are narrowly scoped to querying GitHub data (releases, PRs, issues) and formatting results. They require an authenticated 'gh' session (explicitly listed in SKILL.md) and do not instruct the agent to read unrelated local files or send data to endpoints other than GitHub links. The default repo and parallel execution are implementation details but not scope creep.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or written by the skill itself. This lowers installation risk; however, runtime depends on external CLIs being present on the host.
Credentials
SKILL.md expects an authenticated 'gh' CLI context (which uses the user's GitHub credentials/token), but the skill metadata lists no required credentials or binaries. Using the user's gh authentication is appropriate for querying private or authenticated endpoints, but the metadata omission is inconsistent and could cause confusion about which credentials will be used. The examples also use 'jq', which is not declared either.
Persistence & Privilege
The skill does not request persistent privileges (the 'always' flag is false) and has no install hooks. It does rely on the agent executing shell commands (gh); autonomous invocation is allowed by platform default but is not otherwise elevated by this skill.
What to consider before installing
This skill appears to do what it says (produce a GitHub digest), but before using it:
1) Confirm you have the gh CLI and jq installed, and that the publisher updates the registry metadata to declare those requirements.
2) Understand that the skill will run gh commands using whatever account is authenticated in your gh CLI, so it will use your GitHub token and permissions.
3) If you only want public data, run the gh commands manually first to see what they return.
4) If you are concerned about token scope, use a token or account with limited permissions, or run in an environment where gh is configured for read-only access.
5) Ask the publisher to clarify the missing metadata (required binaries, and whether private-repo access is needed).
These steps reduce risk and resolve the metadata inconsistency.



