github-repo-search

v1.0.0

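Helps users search and filter GitHub open-source projects and outputs a structured recommendation report. Triggered when the user says "帮我找开源项目" ("help me find open-source projects"), "搜一下GitHub上有什么" ("search what's on GitHub"), "找找XX方向的仓库" ("find repositories in the XX area"), "开源项目推荐" ("open-source project recommendations"), "github搜索" ("github search"), or "/github-search".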

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the SKILL.md workflow: build queries, call GitHub search, filter, deeply read READMEs and produce structured recommendations. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md instructs the agent to execute multiple search queries, fetch many candidate repo pages, and inspect README/quickstart/activity signals. This is expected for deep repo analysis, but it implies non-trivial network/API usage and many HTTP requests (Search API and repo pages). The skill explicitly defaults to unauthenticated queries and requires recording API quota/time.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or installed by the skill itself.
Credentials
No environment variables or credentials are required. The SKILL.md explicitly defaults to not using a user token, so there is no disproportionate request for secrets. (If the operator later supplies a token, the doc does not define storage/usage rules — consider scope limits.)
Persistence & Privilege
always:false and no install hooks or cross-skill config modifications. Autonomous invocation is allowed (the platform default) but the skill enforces a mandatory user-confirmation step before starting searches.
Assessment
This skill appears internally consistent and low-risk: it only needs to read public GitHub data and does not request secrets or install code. Before enabling: ensure your agent environment allows outbound HTTP to GitHub and that you accept the implied API/request volume and rate limits. If you want higher query capacity, you may consider providing a scoped GitHub token — but only do so if you trust the skill and the agent, and prefer a token with minimal scopes (public_repo if needed) and short lifetime. Also confirm your agent/policy won't forward fetched repository contents to external services you don't trust.
