Sen Dev Patterns
Advisory
Audited by VirusTotal on Apr 24, 2026.
Overview
Type: OpenClaw Skill
Name: sen-dev-patterns
Version: 0.1.0

The bundle contains publishing scripts (publish_skill.py and publish_gitee.py) that exhibit high-risk behaviors, including an intrusive credential discovery mechanism that searches for GitHub tokens in environment variables, Git credentials, and VSCode's internal global storage (%APPDATA%\Code\User\globalStorage\github-auth-token). These scripts also hardcode usernames ('sinadook' and 'the13ai') in API check endpoints and Git remote URLs, so running them could push code to unintended accounts. While the scripts are framed as repository management utilities, automated harvesting of sensitive tokens combined with hardcoded target accounts is highly irregular and poses a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this script is run, it may use an existing GitHub credential from the user's machine to act on their GitHub account without the user explicitly pasting a token for that run.
The script does not only use an explicitly supplied token; it searches local VSCode GitHub auth storage and git credential storage for account credentials. This is not declared in the skill requirements, which list no required credentials.
paths = [os.path.expandvars(r"%APPDATA%\Code\User\globalStorage\github-auth-token")]
...
subprocess.run(['git', 'credential', 'fill'], input='protocol=https\nhost=github.com\n\n', ...)
Require an explicit, least-privilege token for publishing, declare the credential requirement in metadata, and remove automatic probing of IDE or git credential stores unless the user clearly opts in.
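The explicit-token handling this recommendation asks for, shown as an added example written for this advisory rather than taken from the skill's publishing scripts. Names not on the page are assumptions: the SEN_PUBLISH_TOKEN variable, the GIT_PUBLISH_USER and GIT_PUBLISH_TOKEN child-environment names, and the opt_in_probe flag. The git credential fill call is the one quoted in the evidence above, kept behind the opt-in so it never runs by default; VSCode storage is not read at all.

```python
"""Explicit, opt-in credential handling for a publishing helper.

Added example for this advisory, not code from the sen-dev-patterns skill.
Assumed names (not from the page): SEN_PUBLISH_TOKEN, GIT_PUBLISH_USER,
GIT_PUBLISH_TOKEN and the opt_in_probe flag.
"""
import subprocess
from typing import Iterable, Mapping, Optional

TOKEN_ENV_VAR = "SEN_PUBLISH_TOKEN"  # assumed: the one declared credential input


class MissingTokenError(RuntimeError):
    """No token was supplied explicitly and local stores were not opted into."""


def probe_git_credential_store(host: str) -> Optional[str]:
    """Ask the user's configured git credential helper for a password.

    This is the same call the advisory flags. It is only reachable through
    the explicit opt-in in resolve_publish_token().
    """
    proc = subprocess.run(
        ["git", "credential", "fill"],
        input=f"protocol=https\nhost={host}\n\n",
        capture_output=True, text=True, check=False,
    )
    if proc.returncode != 0:
        return None
    for line in proc.stdout.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "password" and value:
            return value
    return None


def resolve_publish_token(environ: Mapping[str, str], host: str,
                          opt_in_probe: bool = False) -> str:
    """Return the publishing token, preferring the explicit variable.

    IDE storage (VSCode globalStorage) is never read. The git credential
    store is consulted only when the caller passed opt_in_probe=True.
    """
    token = environ.get(TOKEN_ENV_VAR, "").strip()
    if token:
        return token
    if opt_in_probe:
        found = probe_git_credential_store(host)
        if found:
            return found
    raise MissingTokenError(
        f"set {TOKEN_ENV_VAR} to a least-privilege token for {host}; "
        "local credential stores are not read unless opt_in_probe=True")


def git_argv_with_token(args: Iterable[str], user: str, token: str,
                        base_env: Mapping[str, str]):
    """Build (argv, env) for a git call that authenticates through an inline
    credential helper instead of a token-bearing remote URL.

    The first "-c credential.helper=" (empty value) resets git's helper list
    so the user's own stored credentials are not consulted; the second
    installs a shell function that git runs through sh. The function reads
    the token from the child's environment, so the token appears neither in
    argv nor in .git/config.
    """
    helper = ('!f() { echo "username=$GIT_PUBLISH_USER"; '
              'echo "password=$GIT_PUBLISH_TOKEN"; }; f')
    argv = ["git", "-c", "credential.helper=",
            "-c", f"credential.helper={helper}", *args]
    env = dict(base_env)  # copy: never mutate the caller's environment
    env["GIT_PUBLISH_USER"] = user
    env["GIT_PUBLISH_TOKEN"] = token
    return argv, env
```

A publishing step then becomes `argv, env = git_argv_with_token(["push", "-u", "origin", "master"], user, token, os.environ)` followed by `subprocess.run(argv, env=env, check=True)`; the token lives only in that child's environment for the duration of the push.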
Running the helper could publicly publish repository contents or change the user's GitHub account state.
The script can create a public GitHub repository and push the current repository contents. Publishing is high-impact and broader than the skill's primary role as a personal development-pattern reference.
data = {'name': repo_name, 'description': description, 'private': False, 'auto_init': False}
...
requests.post(f'{GITHUB_API}/user/repos', headers=headers, json=data)
...
subprocess.run(['git', 'push', '-u', 'origin', 'master'], ...)
Add an explicit confirmation step before creating public repositories or pushing content, document exactly what will be published, and keep publishing helpers separate from the installed skill if ordinary users do not need them.
A Gitee token may remain stored in the local repository configuration after publishing.
The Gitee publisher embeds the access token directly into the git remote URL, which can persist in local git configuration and be exposed through later git tooling or logs.
remote_url = f'https://the13ai:{token}@gitee.com/the13ai/{REPO_NAME}.git'
...
subprocess.run(['git', 'remote', 'set-url', 'gitee', remote_url], check=True)
Use a credential manager or token prompt instead of embedding tokens in remotes, and document cleanup steps such as resetting the remote URL after publishing.
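A check and cleanup for this finding, as an added example written for this advisory (not the skill's own code): it scans a .git/config for remote URLs that carry a user:token pair, returns the scrubbed URL, and builds the git remote set-url commands that reset the leaked remote without putting the token back on a command line. SAMPLE_CONFIG is constructed; the gitee.com host and the13ai user mirror the evidence above, while example-user, example-repo and PLACEHOLDER_TOKEN are placeholders.

```python
"""Find tokens embedded in git remote URLs and produce cleanup commands.

Added example for this advisory, not code from the sen-dev-patterns skill.
SAMPLE_CONFIG below is constructed: the host and user mirror the advisory's
evidence; the repository name and token value are placeholders.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Matches a [remote "name"] section header in .git/config
_REMOTE_SECTION = re.compile(r'^\s*\[remote\s+"([^"]+)"\]\s*$')


def scrub_remote_url(url: str) -> str:
    """Drop the userinfo (user:token@) from an http(s) remote URL.

    URLs without userinfo, including scp-style SSH remotes that urlsplit
    does not treat as having a netloc, are returned unchanged.
    """
    parts = urlsplit(url)
    if not (parts.username or parts.password):
        return url
    netloc = parts.hostname or ""
    if parts.port:
        netloc = f"{netloc}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def find_embedded_credentials(config_text: str):
    """Scan .git/config text; one dict per remote whose URL carries a password."""
    findings = []
    remote = None
    for line in config_text.splitlines():
        m = _REMOTE_SECTION.match(line)
        if m:
            remote = m.group(1)
            continue
        if line.strip().startswith("["):
            remote = None  # entered a non-remote section
            continue
        key, sep, value = line.partition("=")
        if remote is None or not sep or key.strip() != "url":
            continue
        url = value.strip()
        parts = urlsplit(url)
        if parts.password:
            findings.append({
                "remote": remote,
                "username": parts.username,
                "clean_url": scrub_remote_url(url),
            })
    return findings


def cleanup_commands(findings):
    """git argv lists that replace each leaked URL; no token appears in them."""
    return [["git", "remote", "set-url", f["remote"], f["clean_url"]]
            for f in findings]


# Constructed sample: a repo with a clean origin and a leaked gitee remote.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://github.com/example-user/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "gitee"]
\turl = https://the13ai:PLACEHOLDER_TOKEN@gitee.com/the13ai/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/gitee/*
"""

if __name__ == "__main__":
    for cmd in cleanup_commands(find_embedded_credentials(SAMPLE_CONFIG)):
        print(" ".join(cmd))
```

Run it against the text of a repository's .git/config (for example `open(".git/config").read()`) and execute each returned argv with subprocess.run; resetting the URL removes the token from the config file, but it does not remove copies already written to shell history or CI logs from the original set-url call, so those should be checked separately.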
