github-fetcher

v1.0.0

Use this skill when the user mentions a GitHub URL or asks to analyze, review, explore, or understand any GitHub project, repository, or codebase. Triggers o...

⭐ 0· 59·0 current·0 all-time

by@shiscofield12-beep

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and description (fetch/analyze GitHub repos) match the declared requirement (curl) and the runtime instructions (use GitHub API and raw.githubusercontent URLs). There are no unrelated binaries, env vars, or config paths requested.

✓

Instruction Scope

SKILL.md confines actions to fetching content from GitHub (api.github.com and raw.githubusercontent.com) and gives branch-fallback tips. It does not instruct reading local files, other env vars, or exfiltrating data to external endpoints.

✓

Install Mechanism

Instruction-only skill with no install spec or downloads; lowest-risk model for installation because nothing is written to disk by the skill itself.

✓

Credentials

No environment variables, credentials, or config paths are requested. This is proportionate for a skill targeting public GitHub content. Note: it cannot access private repos without an auth token, and the SKILL.md does not request one.

✓

Persistence & Privilege

Flags show default behavior (not always:true). The skill does not request persistent presence or elevated privileges and does not modify other skills or system-wide settings.

Assessment

This skill appears coherent and low-risk: it only needs curl and instructs the agent to fetch public GitHub files for analysis. Keep in mind: (1) public-only — it won’t access private repos unless you supply a GitHub token (the skill does not request one), (2) GitHub rate limits apply for unauthenticated calls (60/hr), and (3) fetched code should never be executed by the agent unless you explicitly instruct it to run code — fetching and analyzing are separate actions. If you plan to analyze private repositories, review and approve any mechanism that supplies an auth token, and consider rate limits and data-volume implications before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐙 Clawdis

Binscurl

latestvk97ftp4cv4c8tswh7m8yr5cybs84p9e2

59downloads

0stars

1versions

Updated 6d ago

v1.0.0

MIT-0

GitHub Repository Fetcher

When given a GitHub URL or repo name, ALWAYS use curl to fetch real content first. Never guess or infer — fetch then analyze.

Standard analysis workflow

# 1. List root directory
curl -s "https://api.github.com/repos/OWNER/REPO/contents/"

# 2. Get README
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/README.md"

# 3. Explore key subdirectories based on findings
curl -s "https://api.github.com/repos/OWNER/REPO/contents/src"

Get specific file

curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/PATH/TO/FILE"

Extract OWNER/REPO from URLs

https://github.com/ultraworkers/claw-code → OWNER=ultraworkers REPO=claw-code
github.com/foo/bar → OWNER=foo REPO=bar

Tips

Try master if main returns 404
Use ?ref=BRANCH for other branches
GitHub API rate limit: 60 req/hour unauthenticated
After fetching, always provide analysis based on actual content

Comments

Loading comments...