Github Ops
v1.0.0 · GitHub operations skill - create repositories, push code, manage Releases. Fully automatic, no user intervention required.
⭐ 1 · 4k · 55 current · 57 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (create repo, push code, create releases) line up with required binaries (git, curl) and a GITHUB_TOKEN. However the SKILL.md also repeatedly claims 'no need for user to provide Token' while simultaneously requiring GITHUB_TOKEN and showing how to read it from /home/node/.openclaw/secrets/github_token.txt; that contradiction is unexplained.
Instruction Scope
Instructions are prescriptive and stay within GitHub APIs and git operations, but they reference reading a specific file path (/home/node/.openclaw/secrets/github_token.txt) and a workspace (/home/node/.openclaw/workspace). The skill also demonstrates embedding the token in remote URLs (https://${GITHUB_TOKEN}@github.com/...), which can leak credentials via git config or process listings. The SKILL.md's 'fully automatic, no user intervention' tone increases the risk of the agent performing these filesystem and network actions without explicit user consent.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — low install risk. Nothing is written to disk by an installer here (the file references are runtime instructions).
Credentials
Only GITHUB_TOKEN is required, which is proportionate for GitHub operations. But the skill mixes env-var semantics with a hardcoded secrets file path (it both declares GITHUB_TOKEN as required and shows reading it from /home/node/.openclaw/secrets/github_token.txt). That mismatch and the example of embedding the token in remotes are security-relevant concerns.
Persistence & Privilege
always is false and autonomous invocation is the platform default. The skill does not request system-wide or other-skills configuration changes. The SKILL.md claims 'written to server' but there is no install step that modifies system configuration in the package; this appears to be a content assertion rather than an elevated privilege request.
What to consider before installing
This skill performs GitHub actions and needs a GITHUB_TOKEN — that is expected, but you should verify how the token will be provided and used before installing. Specific points to consider:
(1) The SKILL.md contradicts itself by saying 'no token required' while instructing the agent to read a token file; clarify where the token will come from.
(2) The examples embed the token in git remote URLs which can persist the token in git config or expose it in process lists — prefer a credential helper, environment-only use, or short-lived token.
(3) Confirm the token's scope: use least privilege (only repo and workflow scopes needed) and prefer a deploy key or machine user for automation.
(4) Validate access to /home/node/.openclaw/secrets and /home/node/.openclaw/workspace: ensure only expected files will be pushed and that the agent is allowed to operate autonomously.
(5) Test in a throwaway account/repo first and rotate any tokens after testing.
If you need this skill to run without user interaction, explicitly define how the token is provisioned and mitigations for token leakage before enabling autonomous usage.
Like a lobster shell, security has layers — review code before you run it.
latest vk975kse3w3y8gxxyd1vzweb07d8218w6
Runtime requirements
🐙 Clawdis
Bins: git, curl
Env: GITHUB_TOKEN
Primary env: GITHUB_TOKEN
