Skill v1.0.0

ClawScan security

Overlap Check · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 18, 2026, 2:08 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Instructions, requirements, and behavior are consistent with a helper that searches a repository for existing issues/PRs before creating new ones; it only needs the gh CLI and is instruction-only.
Guidance
This skill is instruction-only and simply runs gh CLI commands to search the target repository for existing issues/PRs. Before installing, ensure you have the GitHub CLI (gh) available and authenticated (gh may use your existing credentials/config to access private repos). Understand that the agent will run gh commands in the current working directory or against the specified OWNER/REPO; it will not exfiltrate secrets or install software. If you are concerned about autonomous runs, note the skill can be invoked by the agent when it decides to file issues/PRs—disable autonomous invocation at the agent level if you want manual control.

Review Dimensions

Purpose & Capability
ok
The skill's name and description match what it asks for: it requires the gh CLI and instructs the agent to run gh repo view, gh search, and gh issue/pr view commands to find duplicates. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
ok
SKILL.md gives narrow, concrete commands (gh repo view, gh search issues/prs, gh issue/pr view) scoped to the target repo and to user decision points. It does not instruct broad data collection, access to unrelated files, or external endpoints beyond GitHub via gh.
Install Mechanism
ok
No install spec or downloadable code is present; this is instruction-only and relies on the existing gh binary, minimizing installation risk.
Credentials
ok
No environment variables, credentials, or config paths are required by the skill. It relies on the gh CLI for authentication, which is a proportional requirement for interacting with GitHub.
Persistence & Privilege
ok
always is false and the skill does not request persistent or elevated system privileges. It does not modify other skills or global agent configs. The agent may invoke it autonomously (default), which is expected for such helpers.