Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Open Source Release

v1.1.0

Convert a private repository to public open-source. Use when making a repo public, sanitizing personal info from code/docs/git history, or preparing a projec...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the instructions: scanning code/docs, cleaning history, creating a clean orphan branch, and switching repo visibility are all expected for preparing an open-source release. References to BFG/git-filter-repo and gh are reasonable for the stated tasks.
Instruction Scope
The SKILL.md stays focused on repo sanitization and making a repo public, but contains destructive git operations (force-push, deleting branches) and platform-specific PowerShell examples. It assumes presence of git and optionally the GitHub CLI or repo-cleaning tools; it does not provide explicit backup/mirroring steps or cross-platform command variants — users should test on a clone/mirror and confirm tools before running destructive commands.
Install Mechanism
No install spec or code files — instruction-only. This minimizes surface area; the doc does recommend external tools (BFG, git-filter-repo, gh) but does not attempt to download or execute third-party code automatically.
Credentials
No environment variables, credentials, or config paths are requested. The instructions correctly warn about tokens-in-URLs and check remotes; they do not ask for unrelated secrets or elevated access.
Persistence & Privilege
Skill is user-invocable and not always-enabled. It doesn't request persistent privileges or modify other skills or system-wide settings.
Assessment
This skill is a focused checklist for making a repo public and cleaning history, but it includes destructive git commands. Before using:
1) Make a full mirror backup (git clone --mirror) or work on a copy;
2) Test history-rewriting commands on a clone and confirm tool availability (git, gh, BFG/git-filter-repo);
3) Check CI, package registries, webhooks, and external services for stored secrets or tokens (not just code files);
4) Coordinate with collaborators — force-pushes and branch deletions rewrite history and can disrupt others;
5) If you are on Linux/macOS, translate PowerShell examples or run them in a suitable environment.
If you want, I can produce a non-destructive dry-run script and a checklist tailored to your repository (list remotes, create mirror, run safe scans) before you perform any irreversible actions.

Like a lobster shell, security has layers — review code before you run it.
