Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

github-helper

Local GitHub repository helper for search, clone, sync, and issue/PR inspection workflows. Use when users mention github/repo/repository, ask to download or...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 265 · 4 current installs · 5 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name, description, SKILL.md and included scripts are coherent: they scan a local GitHub directory and update a CLAUDE.md knowledge file and use git/gh for remote queries. However, SKILL.md explicitly references gh and git and a specific default path (/Users/liuchen/Documents/github) while the skill's metadata declares no required binaries or environment variables — the missing declaration of required CLI tools and the hardcoded user path are minor mismatches that should be clarified.
Instruction Scope
Instructions stay within the stated purpose (scan local repos, optionally call gh/remote search, clone into the local dir, update CLAUDE.md). Two items to note: (1) SKILL.md uses a hardcoded absolute path tied to a particular user account and will read/write files there; (2) the doc says 'Update this SKILL.md path if needed,' which implies editing the skill's documentation/config but no script in the package performs that — this is ambiguous and could grant the agent discretionary modification of skill files if implemented elsewhere.
Install Mechanism
This is instruction-only with small helper scripts included; there is no download/install step, no external archive URLs, and nothing will be written to disk by an installer. The scripts themselves are simple and local.
Credentials
The skill does not request environment variables or credentials. The workflows mention gh (GitHub CLI) and git usage, which are reasonable for a GitHub helper; no unexplained secret access is requested.
Persistence & Privilege
always:false and normal autonomous invocation are set (expected). The skill will read and write files inside the configured repo directory (cloning repos and writing CLAUDE.md). The SKILL.md text suggests updating its own path entry, which would amount to modifying the skill docs/config if acted on — that behavior is not implemented in the provided scripts but should be treated as a potential source of unexpected file edits if the agent is given permission.
Assessment
This skill appears to do what it says: scan a local GitHub folder, optionally call gh/git, clone repos into a local directory and maintain a CLAUDE.md summary file. Before installing or invoking it:

  1. Confirm or change the default path (/Users/liuchen/Documents/github) so it doesn't access an unexpected directory.
  2. Ensure git and the gh CLI are installed and that you are comfortable the skill can run clone operations (which write to disk and perform network calls).
  3. Inspect and run the included scripts manually if you want to verify behavior — they only read README files and write CLAUDE.md, but cloning will bring remote repo contents onto your machine.
  4. Be cautious if you have sensitive/private repos in the target directory or limited disk/quota.
  5. Ask the skill author to clarify the ambiguous instruction about updating SKILL.md (is the agent expected to edit installed skill files?).

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0 (latest: vk9768dnk2fw4pt79ax9h2tfab1827d9a)


SKILL.md

GitHub Helper

Overview

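Manage a local GitHub repository directory, maintain a searchable knowledge base, and provide a unified workflow for repository search, cloning, and Issue/PR tracking.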

Local Repository Directory

Default path: /Users/liuchen/Documents/github

This path is referenced in the knowledge base file: @/Users/liuchen/Documents/github/CLAUDE.md

Core Workflows

1. Initialize or Update Knowledge Base

When first using this skill or when user requests an update:

  1. Check if the github directory exists.
  2. If not found, ask user for the correct path.
  3. Scan the directory using scripts/scan_repos.py.
  4. Update CLAUDE.md using scripts/update_kb.py.

Example:

# Scan repositories
python3 scripts/scan_repos.py /Users/liuchen/Documents/github

# Update knowledge base (pass repos as JSON)
python3 scripts/update_kb.py /Users/liuchen/Documents/github '[{"name":"repo1","path":"/path","summary":"desc"}]'

2. Search for Repository

When user mentions a repository name:

  1. Check local first: Read @/Users/liuchen/Documents/github/CLAUDE.md.
  2. If found locally: Use local path to analyze and answer.
  3. If not found: Search GitHub using gh or GitHub MCP tools.
  4. Offer to download: Ask user whether to clone.

3. Download Repository

When user requests to download/clone:

  1. Clone to the github directory:
    cd /Users/liuchen/Documents/github
    git clone <repo-url>
    
  2. After successful clone, update knowledge base:
    • Run scripts/scan_repos.py to get repo info.
    • Run scripts/update_kb.py to update CLAUDE.md.

4. GitHub Search Integration

Use gh CLI first, then fall back to GitHub MCP:

Search repositories

gh search repos <query> --limit 10

Search issues

gh issue list --repo <owner/repo> --state all --limit 20

Search PRs

gh pr list --repo <owner/repo> --state all --limit 20

Answering Repository Questions

  1. Check whether repository exists in local knowledge base.
  2. If local, prioritize local code inspection.
  3. If information is insufficient, query GitHub issues/PRs/releases.

Directory Validation

If /Users/liuchen/Documents/github does not exist:

  1. Ask user for the correct repository root path.
  2. Update this SKILL.md path if needed.
  3. Initialize knowledge base at the new location.

Scripts

  • scan_repos.py: Scan local repositories and extract summaries.
  • update_kb.py: Update CLAUDE.md with repository metadata.
