Skillv1.0.0

ClawScan security

AutoGitHub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 4:12 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's code largely matches its GitHub-management purpose, but the package/registry metadata underreports required credentials and runtime requirements and there are unsafe patterns (unsanitized shell exec) and missing install declarations — review before use.
Guidance: This package contains real executable code (Node.js CLI) and is not just a text-only instruction set — do not install/run blindly. Important points: 1) The SKILL.md and code require a GitHub Personal Access Token and a GitHub username, but the registry metadata does not declare those credentials — treat that as a metadata/censorship mismatch and require the token only with least privileges (repo scope as necessary). 2) You must run npm install (Node >=14) to satisfy dependencies before using the CLI; the registry entry doesn't declare this. 3) The changelog generator uses child_process.execSync with direct string interpolation of tag/argument values — this can lead to shell injection if untrusted inputs are passed by an agent. Avoid feeding untrusted strings to the skill or run it in an isolated environment. 4) The tool writes .github-manager.json in the current directory (may contain tokens); ensure that file is not committed and run in a safe working directory. 5) If you plan to use webhook/Slack/Discord/Telegram fields, be aware those are outbound endpoints and will expose deployment/CI notifications. Recommendations before installing: inspect the full source (you already have it), run npm install in an isolated container or VM, create a GitHub token with minimal required scopes, avoid running automated/self-update/plugin commands until the code provenance is verified, and ask the publisher/registry to correct metadata to declare required env vars and install steps.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and code clearly require a GitHub Personal Access Token and username (and Node.js/npm to run), which are appropriate for a GitHub manager. However the registry metadata claims no required env vars/primary credential and no install requirements, which is inconsistent with the included code (package.json, Octokit usage). The skill is not truly 'instruction-only' given the bundled code and Node dependencies.
Instruction Scope: concernRuntime instructions and code read/write a local config file (.github-manager.json), call GitHub APIs, run local git commands, and offer 'self-update' / plugin install behavior. The generate-changelog script uses execSync with unsanitized interpolation of a --since / tag parameter (shell command built with user input), which creates a command-injection risk if untrusted input is passed. The SKILL.md's instructions instruct writing tokens to disk (config file) — expected but worth noting.
Install Mechanism: concernRegistry lists no install spec, but the bundle includes package.json and Node dependencies (@octokit/rest, commander, etc.). To run the CLI you must run npm install and possibly npm link; this is not reflected in registry metadata. Absence of an install step could cause users/agents to execute code without proper dependency installation or validation.
Credentials: noteRequesting a GitHub token and username is proportionate to the stated purpose. The problem is the registry metadata fails to declare these required credentials (metadata: none). Config-template also includes optional webhook/slack/discord/telegram fields — optional and expected, but these would grant outbound notification hooks if populated.
Persistence & Privilege: okThe skill is not always:true and does not request system-wide privileges. It stores configuration in the current working directory (.github-manager.json) which is appropriate for a CLI. It does not appear to modify other skills or system-wide agent settings.