ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

logo-generator

v1.0.0

Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.

0· 72·0 current·0 all-time
by@hucy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hucy/logo-generator-12.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "logo-generator" (hucy/logo-generator-12) from ClawHub.
Skill page: https://clawhub.ai/hucy/logo-generator-12
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install logo-generator-12

ClawHub CLI

Package manager switcher

npx clawhub@latest install logo-generator-12
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The package name/metadata (logo-generator) does not match the SKILL.md, which documents a GitHub `gh` CLI integration. This mismatch suggests a packaging or metadata error (or possible misdirection).
Instruction Scope
The SKILL.md stays within a clear scope (running `gh` commands to inspect PRs, runs, and use `gh api`). It does not ask to read unrelated system files or exfiltrate data. However it assumes a local `gh` CLI and authenticated GitHub access without declaring that requirement.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by the skill itself. Low install risk, but also means no provenance information is provided.
!
Credentials
The skill declares no required binaries or environment variables, but the runtime instructions require the `gh` CLI and an authenticated GitHub session (token stored by gh). The needed credential/access method is implicit and not documented, which is disproportionate to the declared requirements and obscures where credentials are used.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings; autonomous invocation is allowed (default) but is not by itself a new concern here.
What to consider before installing
Do not install or enable this skill until the metadata mismatch is resolved. The SKILL.md clearly expects the GitHub `gh` CLI and an authenticated GitHub session, but the package is named 'logo-generator' and declares no dependencies or credential requirements. If you still want to use it: 1) verify the skill's source and author (origin is 'unknown'); 2) ensure `gh` is installed and you are comfortable with how it stores authentication (gh stores tokens locally/OS credential store); 3) test in a safe account or environment (no sensitive repos) to confirm behavior; 4) avoid supplying additional env vars or secrets to the skill — the SKILL.md does not ask for any but it will implicitly use your `gh` auth; and 5) ask the publisher to fix the name/metadata and explicitly document required binaries and authentication. The mismatch could be an innocent packaging mistake, but it could also indicate sloppy or malicious packaging, so treat it with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk973xym9ra91mhdbwz9fb52teh84dbed
72downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@hucy
latest
Download

GitHub Skill

Use the gh CLI to interact with GitHub. Always specify --repo owner/repo when not in a git directory, or use URLs directly.

Pull Requests

Check CI status on a PR:

gh pr checks 55 --repo owner/repo

List recent workflow runs:

gh run list --repo owner/repo --limit 10

View a run and see which steps failed:

gh run view <run-id> --repo owner/repo

View logs for failed steps only:

gh run view <run-id> --repo owner/repo --log-failed

API for Advanced Queries

The gh api command is useful for accessing data not available through other subcommands.

Get PR with specific fields:

gh api repos/owner/repo/pulls/55 --jq '.title, .state, .user.login'

JSON Output

Most commands support --json for structured output. You can use --jq to filter:

gh issue list --repo owner/repo --json number,title --jq '.[] | "\(.number): \(.title)"'

Comments

Loading comments...