Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GitHub Knowledge Base
Version: v1.0.1

Manage a local GitHub knowledge base and provide GitHub search capabilities via the gh CLI. Use when users ask about repos, PRs, or issues, request to clone GitHub repositories, explore codebases, or need information about GitHub projects. Supports searching GitHub via the gh CLI and managing a local KB with a GITHUB_KB.md catalog. Configure via the GITHUB_TOKEN and GITHUB_KB_PATH environment variables.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)

Purpose & Capability
The skill's stated purpose (manage a local GitHub KB and search via gh) reasonably requires the gh CLI, git, and a local filesystem path; the SKILL.md documents GITHUB_TOKEN and GITHUB_KB_PATH. However, the registry metadata lists no required binaries, env vars, or config paths, so there is a mismatch between what the skill says it needs and what the manifest declares.
Instruction Scope
The runtime instructions tell the agent to read and update GITHUB_KB.md, locate and write into ${GITHUB_KB_PATH:-/home/node/clawd/github-kb}/, clone repositories, and read README and other key files to generate descriptions. These file-system operations and cloning actions are coherent with the purpose but are not represented in the manifest; in practice the skill will access and modify local files and may clone remote repos.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is downloaded or written by an installer. That limits installation risk; however, the runtime commands assume the external tools gh and git are present.
Credentials
SKILL.md asks for GITHUB_TOKEN (optional) and GITHUB_KB_PATH, which are reasonable for private-repo access and for locating the KB. But the skill manifest lists no required env vars or primary credential. The missing declaration of the token requirement is an incoherence, and it means users may not realize they will need to provide a sensitive credential. The token should be least-privilege and documented in the manifest.
Persistence & Privilege
The skill does not request permanent platform privileges (always:false) and has no install step. At runtime it will write to a repository catalog file (GITHUB_KB.md) and clone repositories into a local path. This is expected for its function, but it is important to know because it modifies user filesystem state.
What to consider before installing
This skill appears to do what it claims (search GitHub via gh and manage a local KB), but the published manifest omits important runtime requirements. Before installing or enabling it:
(1) confirm the publisher and ask them to update the manifest to list required binaries (gh, git) and required env vars/config paths;
(2) if you provide a GITHUB_TOKEN, make it least-privilege (scopes only as needed) and supply it via a secure secret store or env injection, not hardcoded;
(3) decide whether you trust the skill to read/write the default KB path, and change GITHUB_KB_PATH to a controlled directory if needed;
(4) if you need assurance, request that the skill owner add explicit statements about what files it will modify and add checks (e.g., prompt before cloning or writing GITHUB_KB.md).
These inconsistencies are likely an oversight but should be resolved before use.