Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
super-github-s
v1.0.0
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries. def listingep75 alert...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (interact with GitHub via the gh CLI) matches the instructions. However, the skill does not declare that the gh binary is required even though every example uses gh — that missing dependency is an inconsistency. The SKILL.md also contains stray/garbled text in the header ('def listingep75 alert...'), which is unexpected for a simple usage guide.
Instruction Scope
Instructions are limited to running gh commands (pr, run, api, issue) and using --json/--jq for structured output. The SKILL.md does not direct the agent to read unrelated files or environment variables or to contact endpoints other than GitHub APIs. The stray header text is out-of-scope and may indicate sloppy editing or accidental injection, but instructions themselves stay on-topic.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is low risk. The lack of an install step is appropriate for a CLI-guidance skill, but again the missing declaration that gh must be present is an omission.
Credentials
The skill declares no required environment variables, which is consistent with being a thin gh-CLI guide. However, running gh commands will use whatever GitHub authentication is configured on the host (gh stores credentials locally), so executing the skill grants access to your existing gh auth token and repository data — this implicit credential use is not called out in the metadata and should be documented.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It is user-invocable and may be invoked autonomously (the platform default), which is expected for a CLI integration. No evidence the skill attempts to modify other skills or system-wide settings.
What to consider before installing
This skill appears to be a simple GH CLI usage guide, but it has two small but important issues: (1) the SKILL.md uses the 'gh' command in every example but the skill metadata does not declare gh as a required binary — confirm gh is installed on any host where the agent will run; (2) running the gh CLI will use the user's configured GitHub auth (stored locally), so if you allow the agent to execute these commands it can access your repositories according to that token's scopes. Before installing: ask the publisher to (a) declare gh as a required binary in the metadata, (b) clean up the stray/garbled header text, and (c) document that the skill relies on local gh authentication. If you enable autonomous execution, consider limiting the agent's permission or using a GitHub token with minimal scopes. If you are uncomfortable with the agent using your local gh credentials, do not enable this skill or run the commands only in controlled environments.
Like a lobster shell, security has layers — review code before you run it.
latestvk97ey9cmv0xaxnyfe3vd6yfn9x84k19z
