Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PR Description
v1.1.3
Automatically generate a structured, high-quality Pull Request (PR) description based on the provided git diff or code changes. Trigger when the user asks to...
by Xudong Guo (@sunny0826)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to fetch diffs and optionally update PRs via the GitHub CLI and local git; that functionality is coherent with a PR-description generator. However, the registry metadata lists no required binaries or environment variables even though the runtime instructions explicitly instruct use of 'gh' and 'git' and to check 'gh' authentication. This mismatch (declared requirements = none vs. instructions requiring CLI tools and authenticated access) is inconsistent and should be clarified.
Instruction Scope
SKILL.md instructs the agent to run commands like 'gh pr diff', 'gh pr view --json viewerCanUpdate', 'gh api user', and (with explicit user approval) 'gh pr edit ... --body-file <temp-file>'. These steps are within the stated purpose but involve accessing local CLI tools, checking auth state, writing temp files, and (if approved) modifying remote PRs. The skill correctly warns about not executing code found in diffs and requires user confirmation before editing, but the instructions give the agent broad ability to run local commands and interact with GitHub credentials — behavior that should be explicitly declared in the metadata and presented to the user beforehand.
Install Mechanism
This is instruction-only (no install spec), which is low-risk in itself because no new code is written to disk. However, the SKILL.md expects existing tools (git, gh) on PATH; that expectation is not declared in the registry metadata. No external downloads or installs are specified.
Credentials
The skill does not declare any required environment variables or primary credential, yet it instructs the agent to call 'gh' and 'gh api user' and to check viewerCanUpdate, which implicitly uses the user's GitHub authentication (oauth token or local gh auth). That means the skill will rely on credentials accessible to the 'gh' CLI. Because these credentials are not declared or scoped in the metadata, it's unclear what secrets the skill will access and why; this mismatch is a notable risk.
Persistence & Privilege
always:false and default autonomous invocation are present; no install-time persistence or forced inclusion. The skill does include logic to update PRs only after explicit user approval, which limits privileged actions. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (generate PR descriptions and optionally update PRs), but it has an important metadata/instruction mismatch: SKILL.md expects git and the GitHub CLI ('gh') and will query your gh authentication, yet the package declares no required binaries or credentials. Before installing or running it, consider:
- Confirm you are comfortable with the agent running local 'git' and 'gh' commands and that your 'gh' is authenticated; those commands will use your GitHub credentials if present.
- Prefer to provide diffs inline (paste the git diff) instead of granting the skill permission to fetch or edit remote PRs.
- Ask the maintainer to update the skill metadata to list required binaries (git, gh) and to explicitly state the credential implications.
- Ensure the agent asks you for explicit approval before performing 'gh pr edit' (SKILL.md says it will — verify that behavior).
If you want to proceed but want lower risk, only use the skill in read-only mode (give it diffs or PR content yourself) and do not allow it to run remote-editing commands.
