Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Repo Analyzer

GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 684 · 4 current installs · 4 all-time installs
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The README/SKILL.md clearly describes a GitHub repo trust scorer and the bundled scripts implement that. However the skill declares no required environment variables while the docs state 'CRITICAL: Always run with GITHUB_TOKEN loaded' and the code uses process.env.GITHUB_TOKEN. The SKILL.md also claims 'zero external dependencies' but the runtime optionally invokes external CLIs (bird, gh) and the code expects Node.js 18+. There's a version mismatch (registry metadata 1.2.0 vs package.json 1.1.1). These mismatches (missing declared env, undeclared external CLI reliance) are disproportionate to the stated metadata and reduce coherence.
Instruction Scope (flagged)
SKILL.md explicitly instructs sourcing ~/.bashrc and even gives a grep snippet to extract GITHUB_TOKEN from that file — that directs the agent/user to read a local shell config file containing secrets. The skill also auto-triggers on pasted X/Twitter URLs and instructs the agent to 'ALWAYS include the tweet text/context', and the code will try to read tweets via a local 'bird' CLI or public syndication endpoints. The instructions therefore request local secrets and run shell commands to fetch external content; this goes beyond simply calling the GitHub API to analyze a repo and grants broad discretion to access local files and run arbitrary CLIs.
Install Mechanism
There is no install spec (instruction-only at registry level) but the package bundle contains multiple scripts and supporting files. No external downloads or archive extraction are used — code is present in the skill bundle. That keeps the install risk low, but the presence of runnable scripts means installing/executing them will run code on the host.
Credentials (flagged)
The skill requests no env vars in metadata but both SKILL.md and scripts expect GITHUB_TOKEN for full functionality. Moreover, the SKILL.md instructs users to source ~/.bashrc and extract the token from there. The code executes external CLIs via child_process.execSync while passing process.env, so any invoked CLI (bird, gh, etc.) would receive the agent's environment including secrets. Requiring an unrestricted PAT without guidance on minimal scopes and instructing reading ~/.bashrc is disproportionate and potentially exposes sensitive credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It is user-invocable and can be invoked autonomously (disable-model-invocation:false), which is normal and not by itself a red flag. Auto-trigger behavior on pasted X/Twitter URLs is a functional choice but increases privacy exposure (tweet text and extracted links will be fetched).
What to consider before installing
This skill implements a plausible GitHub repo analyzer, but there are notable red flags you should consider before installing or running it:

  • Credential handling: The skill expects a GITHUB_TOKEN but the registry metadata does not declare it; SKILL.md even tells you to source ~/.bashrc or grep it out of that file. Do NOT store or extract long-lived tokens from shell rc files for third-party tools. Prefer providing a token via the --token flag or a short-lived token with minimal scopes.
  • Local file access: The documentation instructs reading ~/.bashrc; that is a direct local file read that could expose other secrets if you follow the provided commands. Avoid running those exact source/grep commands unless you understand what they'll reveal.
  • Child process execution: The code executes external CLIs (bird, gh) using child_process.execSync and forwards environment variables. If you run the skill and those CLIs are present (or replaced by malicious binaries), your environment (including tokens) could be exposed. Only run in an isolated environment or confirm the CLIs are trustworthy.
  • Auto-triggering on pasted tweets: The skill will attempt to fetch tweet content automatically and include it in reports. If you paste a private or sensitive URL, the skill may fetch and include that text in outputs.
  • Mitigations: Inspect the full analyze.js file locally, run the tool in an isolated container/VM, use a minimal-scope GitHub PAT (or a read-only token), avoid storing tokens in ~/.bashrc, and do not allow the skill to auto-run on arbitrary pasted content. If you need higher assurance, ask the author for clearer metadata (declare GITHUB_TOKEN requirement) and for an option to disable invoking external CLIs or auto-triggering on tweets.


Current version: v1.2.0
latest: vk974a9sw67drrra6214qstjndx81vfsz

SKILL.md

Repo Analyzer

Zero-dependency GitHub trust scorer. Runs 29 analysis modules across 12 scoring categories.

Usage

# Single repo
node scripts/analyze.js <owner/repo or github-url> [flags]

# From a tweet (auto-extracts GitHub links)
node scripts/analyze.js <x.com-or-twitter.com-url> [flags]

# Batch mode
node scripts/analyze.js --file <repos.txt> [--json]

Flags

  • --json — JSON output (for pipelines)
  • --oneline — compact one-line score
  • --badge — shields.io markdown badge
  • --verbose — show progress
  • --token <pat> — GitHub PAT (or set GITHUB_TOKEN env)
  • --file <path> — batch mode, one repo per line (# comments ok)

Environment

CRITICAL: Always run with GITHUB_TOKEN loaded. Without it, scores are severely degraded (missing stars, forks, commits).

Before running: source ~/.bashrc (token is in ~/.bashrc as GITHUB_TOKEN). Or pass explicitly:

GITHUB_TOKEN="$(grep GITHUB_TOKEN ~/.bashrc | cut -d'"' -f2)" node scripts/analyze.js ...

Scoring (14 categories, 168pts normalized to 100)

| Category | Max | What it checks |
| --- | --- | --- |
| Commit Health | 20 | Human vs bot, GPG sigs, code dumps, fake timestamps |
| Contributors | 15 | Bus factor, contributor diversity |
| Code Quality | 25 | Tests, CI, license, docs, lock files |
| AI Authenticity | 15 | AI slop detection in code/README |
| Social | 10 | Stars, forks, star/fork ratio, botted stars |
| Activity | 10 | Recent pushes, releases |
| Crypto Safety | 5 | Token mints, rug patterns, wallet addresses |
| Dependency Audit | 10 | Known malicious packages, typosquatting, install hooks, lock files |
| Fork Quality | 8 | Fork divergence, suspicious changes, gutted vs meaningful forks |
| README Quality | 10 | Install guide, examples, structure, API docs |
| Maintainability | 10 | File sizes, nesting, code/doc ratio |
| Project Health | 10 | Abandoned detection, velocity, issue response, PR review |
| Originality | 5 | Copy-paste, template detection, backer verification |
| Agent Safety | 15 | Install hooks, prompt injection, secrets, CI audit, permissions |

Grade Scale

  • A (85+): LEGIT
  • B (70-84): SOLID
  • C (55-69): MIXED
  • D (40-54): SKETCHY
  • F (<40): AVOID

Key Features

  • Enhanced dependency audit: Detects known malicious packages (event-stream, ua-parser-js, etc.), typosquatting attacks, install hooks, and estimates transitive dependency bloat
  • Fork comparison: Analyzes fork divergence, detects cosmetic vs meaningful changes, flags suspicious modifications (removed CI, added wallets), identifies gutted forks
  • Agent safety: Detects prompt injection, credential harvesting, install script hooks, obfuscated code
  • Secrets detection: Finds hardcoded API keys, tokens, private keys via regex + entropy
  • Network mapping: Categorizes all outbound domains (API, CDN, unknown)
  • CI/CD audit: Checks GitHub Actions for pull_request_target, unpinned actions, secret leaks
  • Permissions manifest: Summarizes what the code needs to run (like an app permissions list)
  • Author reputation: Org memberships, suspicious repos, account age
  • Backer verification: Cross-references investor claims vs committer org membership
  • Complexity hotspots: Flags large files with deep nesting and high conditional density

Batch File Format

# One repo per line, # for comments
Uniswap/v3-core
https://github.com/aave/aave-v3-core
OpenZeppelin/openzeppelin-contracts

Output

  • Default: rich terminal report with bar charts, sections, verdict.
  • --json: full structured data for programmatic use.
  • --oneline: RepoName: 85/100 [A] — 2 flags

When Reporting to User

Keep it concise. Lead with score/grade and notable findings. Skip sections with nothing interesting. Example:

"Uniswap/v3-core scored 75/B — 96% GPG-signed, 11 authors, MIT license. Flagged: abandoned (466 days no push), 2,597 transitive deps (bloated), secrets in CI run commands. Agent safety: CAUTION."

Files

7 total
