Sw Persona Distiller

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's stated goal (generate Star Wars persona skills) is plausible, but the runtime scripts diverge from the documented instructions and include a hard-coded GitHub token and undisclosed GitHub operations — a clear incoherence that could lead to credential misuse or unexpected network activity.

Do not run any publish script from this repo until you resolve the inconsistencies and remove the embedded credential. Specific recommendations:

- Treat the literal GITHUB_TOKEN in scripts/publish_github.sh as a leaked/compromised token; revoke it immediately on GitHub if it belongs to you or your org.
- Do not run publish_github.sh as-is. It will attempt to create and push repositories to GitHub using a token in the script or the GITHUB_TOKEN env var.
- The SKILL.md refers to ./scripts/publish.sh and ClawHub but the repo only has publish_github.sh — ask the author for the correct publish script and exact required env vars.
- If you intend to publish to GitHub, require the user to provide GITHUB_TOKEN explicitly (do not hard-code), document required token scopes, and validate the token before use.
- Audit and sanitize any credentials embedded in code, and update SKILL.md to list required env vars (GITHUB_TOKEN) and describe network side effects (repo creation, push).
- If you need to test the build step, run scripts/build.sh in an isolated sandbox; reviewing the generated output/* files first is safe.

Overall: this package is coherent for local persona generation, but the publishing code contains undisclosed credentials and mismatches between docs and scripts — treat as suspicious until fixed.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings
