Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
repo-setup
v1.0.0Fork, clone, and set up a GitHub repository for development or contribution. Handles fork creation, clone with authentication, upstream remote configuration,...
⭐ 0· 52·0 current·0 all-time
byBijin@sliverp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md clearly expects git and the GitHub CLI (gh), a GH_TOKEN or gh auth login, and language-specific toolchains (pip, npm, go, cargo, mvn, gradle). The skill metadata lists no required binaries or environment variables. This mismatch is unexpected — a repo-setup helper legitimately needs git and some auth mechanism declared in metadata.
Instruction Scope
Instructions stay within the repo-setup use case, but they also tell the agent/user to: request or rely on GH_TOKEN, run broad dependency installs (npm/pip/mvn/gradle) which execute third-party code, and include a token directly in an HTTPS clone URL. Embedding a token in the clone URL can leave the token in shell history, process listings, and repository config (remote URL), increasing the risk of accidental credential exposure. The doc also references an external helper script (oss-pr-campaign / scripts/setup_repo.sh) that is not provided or installed by this skill.
Install Mechanism
This is instruction-only with no install spec or code files, which is lower risk because nothing is written automatically. However, the README references an external helper script available only when paired with another (oss-pr-campaign) — that coupling is undocumented in the metadata and could confuse users.
Credentials
The instructions require a GH_TOKEN and GitHub username, but the skill declares no required env vars or primary credential. Asking for a GH token is reasonable for pushing/forking, but the skill does not document required token scopes or warn about safer alternatives (SSH or gh auth login). Also, the broad set of build toolchains suggested increases the surface area: running install commands will execute arbitrary third-party code (npm/pip/maven lifecycle scripts).
Persistence & Privilege
The skill is not always:true, has no install hook, and does not request persistent privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other strong privilege requests here.
What to consider before installing
Before installing or running this skill: 1) Treat the metadata mismatch as a red flag — ask the publisher to update required binaries (git, gh) and required env vars (GH_TOKEN) so you know what will be used. 2) Avoid cloning with a token embedded in the HTTPS URL; prefer gh auth login or SSH keys, and if you must use a token, use ephemeral/minimal-scoped tokens and remove them from remote URLs afterwards (git remote set-url). 3) Be cautious running dependency installs (npm, pip, mvn, gradle) from unknown repositories — these can execute arbitrary code (postinstall/build scripts). Consider running the setup in an isolated container or VM. 4) Verify existence and contents of any referenced helper scripts (scripts/setup_repo.sh, oss-pr-campaign) before executing them. 5) Limit GH_TOKEN scopes to the minimum required (fork/push), rotate tokens after use, and never paste tokens into chat or public logs. If the publisher cannot justify the missing metadata and the token-in-URL pattern is not removed or explained, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97bqhezwhgdg5ck1h7fbx9gqd83hgmt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.