Skill v1.0.0

ClawScan security

GitHub Issue Auto Triage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 16, 2026, 9:56 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and docs implement a GitHub+LLM triage tool and reasonably require GitHub and LLM credentials, but the package metadata and registry declarations are inconsistent about required credentials, versions, and repository/source — this mismatch and some provenance oddities warrant caution before installing.
Guidance
Key points before installing:
- Metadata mismatch: The registry entry claims no required env vars, but the code and docs require GITHUB_TOKEN, GITHUB_OWNER, GITHUB_REPO and an LLM API key. Treat that as a packaging/provenance red flag and verify the source repository before use.
- Principle of least privilege: If you test/install, create a GitHub token with the minimal scopes needed (issues: read/write; avoid granting full `repo` unless absolutely required). Review which exact GitHub scopes the script needs and restrict the token accordingly.
- Inspect the code and run dry-run first: The included script (scripts/triage.py) is readable; run it with --dry-run in an isolated/sandboxed environment (or with a test repo) to verify behavior and network endpoints called.
- Verify LLM endpoint and keys: The script calls dashscope.aliyuncs.com. Confirm you trust that LLM provider and that passing issue text to it is acceptable for your privacy/security needs.
- Verify provenance: Repository/homepage and version fields differ across files (1.0.0 vs 2.0.0 and multiple repo URLs). Confirm the canonical source (GitHub repo) and recent commit history before trusting or deploying.
- Operational advice: Add monitoring/logging, run initially on a small/test repo, and prefer running on a service account with limited permissions. If anything about the package provenance remains unclear, do not provide production tokens or deploy to production repositories until resolved.

Review Dimensions

Purpose & Capability
note: The code, README and SKILL.md implement exactly the described purpose (GitHub issue triage: labeling, assigning, duplicate detection, FAQ replies, optional Slack/Discord notifications). Use of a GitHub token and an LLM API key is coherent with these capabilities. However, there are metadata inconsistencies: the top-level registry metadata listed no required env vars/credentials, while _meta.json, README, SKILL.md and config.example.json clearly list GITHUB_TOKEN, GITHUB_OWNER, GITHUB_REPO and DASHSCOPE_API_KEY. Version fields also mismatch (registry shows 1.0.0, _meta.json and clawhub.json show 2.0.0). Repository/homepage values differ across files. These provenance/version mismatches reduce confidence in the package source integrity.
Instruction Scope
ok: SKILL.md and scripts/triage.py limit actions to reading GitHub issues, calling an external LLM (DashScope), adding labels/comments/assignees, and optionally notifying Slack/Discord. The instructions do not request unrelated system files or broad data collection. They do instruct network calls to api.github.com and dashscope.aliyuncs.com and recommend environment variables for tokens; those are expected for this functionality.
Install Mechanism
ok: There is no install spec (instruction-only / included Python script), which is lower risk than arbitrary installers or downloads. The package includes code files (scripts/triage.py) that will run when invoked; no external binary downloads or non-standard install locations are used.
Credentials
concern: The skill requires secrets (GITHUB_TOKEN and an LLM key) which are appropriate for its task, but the registry metadata initially presented to the platform omitted these requirements. That discrepancy is concerning. Also, the README suggests granting `repo` scope for the GitHub token (full repo permissions); for triage the least-privilege scopes (issues write/read, possibly pull request comments) are sufficient and safer. DASHSCOPE_API_KEY is a bearer-style secret; treat it like any API key. The number and sensitivity of credentials are proportionate to the feature set but must be explicitly declared and limited; here the declaration is inconsistent.
Persistence & Privilege
ok: The skill is not always:true and does not request system-wide privileges. _meta.json indicates fileWrite limited to current_directory_only and network access to api.github.com and dashscope.aliyuncs.com, which matches the code. It does write logs/results locally. It does not modify other skills or system-wide configurations.