GitHub Watch

v1.0.6

Weekly GitHub digest for sysops/DevOps engineers. Fetches trending repos and topic:sysops/topic:devops repos, wraps content for LLM scoring, then dispatches...

by Romain (@romain-grosos)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

- VirusTotal: Benign
- OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the actual behavior: fetch trending + topic repos, produce a wrapped listing for LLM scoring, deduplicate with a local 'seen' store, and dispatch results via mail-client and nextcloud-files skills. The optional GITHUB_TOKEN and local config paths are reasonable and expected for this purpose.
Instruction Scope
SKILL.md and the scripts limit actions to fetching GitHub data, wrapping external content (untrusted.py), scoring (delegated to the agent/LLM), writing a local seen.json, and calling delivery skills. The agent is explicitly instructed to run scoring and to mark repos seen (example code provided). This is within scope, but note the skill executes local Python scripts and will import/exec the mail-client script and invoke the nextcloud script — so those other skills' code will run in-process or be executed.
Install Mechanism
No install spec; the package is instruction + included scripts (stdlib only). No downloads, package registry installs, or archives are used. This is low-risk from an install-execution perspective.
Credentials
No required environment variables are declared; an optional GITHUB_TOKEN is supported (env or plaintext file under ~/.openclaw/secrets/github_token). Requiring a GitHub PAT for higher API rate limits is proportionate. The skill reads and writes only under ~/.openclaw (config and seen store). Be aware the token is stored as plaintext by default (chmod guidance in SKILL.md) and the skill will read it at runtime if present.
Persistence & Privilege
always:false (no forced inclusion). The skill persists only its own config and data under ~/.openclaw and does not modify other skill configurations. It does import/execute other skills' scripts when delegating delivery (normal for chained skills), but it does not request elevated system privileges.
Assessment
This skill appears to do what it says, but consider the following before installing:

- Protect your GitHub token file: it is read as plaintext from ~/.openclaw/secrets/github_token (optional) — keep file permissions restricted and only supply a token with the minimal scope you need.
- Review and trust the mail-client and nextcloud-files skills: this skill imports/executes the mail-client script and runs the nextcloud script to deliver content, so those other skills' code will execute on your machine — if they are untrusted, they could send data or perform unexpected actions.
- Local data writes: the seen-store and config live under ~/.openclaw; this is expected, but you should verify that path if you have strict data controls.
- Prompt-injection handling: the skill includes an explicit untrusted wrapper to reduce prompt-injection risk when feeding external repo descriptions to an LLM, but wrapping is a textual mitigation only — continue to treat model outputs cautiously and avoid automatic execution of any instructions found in repo text.
- If you do not want the agent to autonomously run the pipeline, keep the skill user-invocable and control cron/automation settings; the skill itself does not set always:true.

Overall, the footprint is proportionate to its stated purpose; review the delivery skills and your token handling policy before use.



Runtime requirements

🐙 Clawdis
