Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Github Release Watcher

v1.0.0

Monitor specified GitHub repositories for new releases and receive notifications of newly detected tags.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for rogue-agent1/github-release-watcher.

Install the skill "Github Release Watcher" (rogue-agent1/github-release-watcher) from ClawHub.
Skill page: https://clawhub.ai/rogue-agent1/github-release-watcher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-release-watcher

ClawHub CLI

npx clawhub@latest install github-release-watcher

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description, SKILL.md, skill.json and the script all align: the script calls gh to query repos listed in repos.txt and reports new tags. The declared requirement (gh) matches actual usage. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions stay within scope: they require an authenticated gh CLI, edit repos.txt, and run the script. The script only reads repos.txt and a local state file and queries GitHub via gh; it does not transmit data to unexpected endpoints or read unrelated system files.
Install Mechanism
No install spec (instruction-only + small script) — nothing is downloaded or extracted. This minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials. It relies on the gh CLI which expects GitHub authentication; that is proportional to its purpose. The only optional env var used is STATE_FILE to override the local state path, which is reasonable.
Persistence & Privilege
The script writes a local state file scripts/.last_seen.json (or $STATE_FILE if set) to track seen tags — expected for this task. The skill is not always-enabled and does not modify other skills or system configs.
Assessment
This skill appears to do what it says: it needs the GitHub CLI (gh) to be authenticated and will create/update scripts/.last_seen.json to remember seen tags. Before enabling: (1) confirm you want gh to be used (gh uses your GitHub credentials/token), (2) review and restrict repos.txt to only repos you intend to monitor, (3) consider running the script manually once to verify output and that the state file location is acceptable, and (4) if you have strict auditing needs, inspect the script for quoting/edge-case behavior (repo names with unusual characters could cause errors) or run it under a dedicated low-privilege account. The author field ('rogue-agent1') is unusual but does not itself indicate malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fbcjnhr9n21pdm9jwkz6mhn83prdk
104 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

GitHub Release Watcher

Monitor GitHub repositories for new releases and get notified.

Setup

  1. Requires gh CLI (GitHub CLI), authenticated
  2. Edit repos.txt — one owner/repo per line, # for comments

Usage

# Check all repos for new releases
bash scripts/check_releases.sh

# Use custom config file
bash scripts/check_releases.sh /path/to/repos.txt

# Dry run (show all latest releases regardless of state)
rm -f scripts/.last_seen.json && bash scripts/check_releases.sh

Integration

Cron (recommended)

Run daily via OpenClaw cron job to get notified of new releases:

Schedule: daily at 09:00
Payload: "Check for new GitHub releases using the github-release-watcher skill"

Heartbeat

Add to HEARTBEAT.md for periodic checks (1x/day recommended).

Output

  • 🆕 **owner/repo** → tag (name) — new release detected
  • ✅ No new releases detected. — all repos up to date

State

Release state stored in scripts/.last_seen.json. Delete to reset.

Adding Repos

Edit repos.txt:

# My tools
owner/repo
another/repo
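
The Assessment above notes that repo names with unusual characters could cause errors in the script. The following pre-check is an added example, not the skill's own code: a POSIX shell filter that accepts only well-formed owner/repo lines from repos.txt before they reach gh. The function names `valid_slug` and `lint_repos` and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example: lint repos.txt before check_releases.sh passes its lines to gh.
LC_ALL=C; export LC_ALL   # keep bracket ranges such as A-Z byte-exact

# Assumption: owners use letters, digits and inner hyphens; repo names may
# also contain "." and "_". Everything else is rejected (allow-list).
valid_slug() {
  case $1 in */*) ;; *) return 1 ;; esac          # needs an owner/repo slash
  _owner=${1%%/*}; _repo=${1#*/}
  case $_repo in */*|''|.|..) return 1 ;; esac    # one slash, no dot segments
  case $_owner in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
  case $_repo in *[!A-Za-z0-9._-]*) return 1 ;; esac
  return 0
}

# Prints accepted slugs on stdout and rejected lines on stderr.
# Returns 1 if any line was rejected, 0 otherwise.
lint_repos() {
  _n=0; _bad=0
  while IFS= read -r _line || [ -n "$_line" ]; do   # also read an unterminated last line
    _n=$((_n + 1))
    # Drop CR from CRLF files, then trim surrounding whitespace.
    _line=$(printf '%s' "$_line" | tr -d '\r' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case $_line in ''|'#'*) continue ;; esac        # blank line or comment
    if valid_slug "$_line"; then
      printf '%s\n' "$_line"
    else
      # Mask non-printable bytes so the warning cannot garble a terminal or log.
      printf 'line %d rejected: %s\n' "$_n" \
        "$(printf '%s' "$_line" | tr -c '[:print:]' '?')" >&2
      _bad=1
    fi
  done < "$1"
  return "$_bad"
}
```

Run `lint_repos repos.txt` first and continue to `check_releases.sh` only when it returns 0.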
