Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

github-pr-automation

v1.0.0

Automate GitHub contributions by finding good first issues, analyzing projects, forking, implementing fixes, and submitting pull requests efficiently.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to automate finding issues, forking, implementing fixes, and creating PRs — that purpose legitimately requires git/gh and a GitHub token with repo scope. However, the skill metadata declares no required binaries or environment variables. That omission is an incoherence: consumers would reasonably need to provide GH credentials and have gh/git installed.
! Instruction Scope
SKILL.md instructs the agent/operator to clone repos, read README.md/CONTRIBUTING.md, implement fixes locally, push branches, and create PRs via gh api — all within scope. However it also instructs setting up a daily cron job that posts a message to a channel (qqbot) using a non-standard 'cron add' invocation. The doc references token behavior but does not declare or limit where credentials should come from or how they are stored. The cron step and the implicit credential usage broaden the runtime scope beyond what's declared.
Install Mechanism
This is an instruction-only skill with no install spec (low file-write risk). Still, it depends on external binaries (gh, git, and an unspecified cron tool). The manifest did not declare these required binaries; users need to ensure these tools are present from trusted sources before running the workflow.
! Credentials
The skill clearly requires a GitHub token with 'repo' scope for full automation (it even notes this), but the metadata declares no required environment variables or primary credential. That mismatch prevents the platform or user from making an informed decision about providing secrets. Additionally, the cron example references an external channel ('qqbot') and messaging, which may require additional credentials or network hooks that are not disclosed.
Persistence & Privilege
The 'always' flag is false and the skill does not request persistent platform privileges. It does instruct creating local clones and a cron job, but it does not claim to modify other skills or global agent settings. Autonomous invocation is allowed by default (a platform default, not something the skill requests), which is expected.
What to consider before installing
This skill's instructions are plausible for automating GitHub contributions, but the package metadata omits important operational requirements. Before installing or running it: (1) require the author to explicitly declare required binaries (gh, git, and the cron tool) and the exact environment variable name(s) (e.g., GH_TOKEN) and scopes needed; (2) avoid supplying a full-privilege personal token — create a minimal machine/service token or use an OAuth flow and restrict to specific repos where possible; (3) verify what the 'cron add' command refers to and whether it will post to an external channel (qqbot) — do not expose messaging/webhook credentials without review; (4) run the workflow in a sandboxed account or repo first to confirm behavior; (5) prefer interactive/manual PR creation if you cannot limit token scope. If the author cannot clarify the missing declarations, treat the skill as untrusted.


