Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Build Transparency Dashboard
v1.0.0
Automatically update a public dashboard with commit count, last commit, and timestamps from a private GitHub repo for transparent project progress.
by Novaiok @cryptocana
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The described purpose (export commit count/last commit/timestamps from a private GitHub repo to a public site) matches the included code (scripts/update-status.js, assets/github-actions.yml) and the instructions. However the skill package metadata states no required environment variables or primary credential, while SKILL.md and the workflow clearly require a GH_PAT (Personal Access Token with repo scope) to push status.json to the public site repo. That metadata omission is an incoherence and a meaningful security/permission concern.
Instruction Scope
The runtime instructions stay within the stated purpose: add a GitHub Actions workflow in the private repo that reads git logs and commits status.json into a public site repo, and optionally run an ideas API. They explicitly instruct creating a GH_PAT secret. Important behaviors to note: the workflow and update-status.js read private repo git history (commit messages and timestamps) and publish that data to a public repo (this is the intended effect but is sensitive), and the ideas API defaults to CORS_ORIGIN='*' (public). The instructions do not contain extraneous exfiltration endpoints or hidden network calls beyond the push to the public site and optional Fly deploy.
Install Mechanism
There is no install spec — this is an instruction-and-code bundle. No downloads or third-party installers; included scripts and static assets are provided in the skill. That minimizes installer risk. The workflow runs Node and shell commands in GitHub Actions (expected).
Credentials
The skill requires a GH_PAT with 'repo' scope (documented in SKILL.md and github-actions.yml) but the registry metadata declared 'Required env vars: none' and 'Primary credential: none'. This mismatch is important: a PAT with repository write access is a high-privilege secret and should be declared. The PAT scope requested ('repo') can be broader than necessary depending on how the token is created — the skill should advise using the least-privilege method (e.g., a machine account / GitHub App / repository-limited token) and document exactly which repositories the token will access. The optional FLY_API_TOKEN is also noted in the workflow and should be declared if used.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistent privileges. It writes only to the public site repo (status.json) and the ideas API writes a local JSON file for persisted ideas. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (normal for skills) but is not combined with other elevated privileges here.
What to consider before installing
What to check before installing / using this skill:
- The registry metadata is incomplete: SKILL.md requires a GH_PAT (Personal Access Token) with 'repo' scope to push status.json to your public site, but the skill listing does not declare any required credential. Treat that as a red flag and ask the publisher to correct the metadata.
- A GH_PAT with 'repo' scope can be powerful. Create a token with the smallest possible scope and access: ideally a token that only has permission to the single public site repo, or use a dedicated machine user or GitHub App that you can revoke or limit. Avoid using a personal account token that has access to many repos.
- Understand exactly what will be published: commit messages and timestamps from your private repo are intentionally exported to the public status.json. If you have sensitive commit messages (secrets, internal references), do not enable this workflow until you sanitize history or filter what is published.
- Consider alternatives that reduce risk: instead of giving a PAT that can access multiple repos, run a workflow in the public repo that pulls sanitized metadata from the private repo via a more controlled channel (e.g., repository_dispatch with a limited token), or use a GitHub App with fine-grained permissions.
- The included ideas API defaults to CORS_ORIGIN='*' and stores ideas in a local JSON file. If you host that API, set CORS_ORIGIN to your site origin (not '*'), and review input handling/limits (the API is simple and has no auth). Consider abuse (spam voting) and add rate limits or moderation if needed.
- Verify the owner/source: the skill's source/homepage are unknown. Prefer code from publishers you trust, and if you proceed, inspect the included scripts (update-status.js and ideas-api.js) yourself. The files in this package appear to implement the documented behavior, but the metadata omission reduces confidence.
- Operational hygiene: rotate the GH_PAT if compromised, limit its scope, and monitor actions performed by the bot account. If unsure about token permissions or the anonymous publisher, do not install until those questions are resolved.
latest: vk97b59p8c7sh1egb126gq0xj4h8216jm
