ClawHub

GitHub Contributor

v1.0.0

Enforces repository-defined contribution policy before any GitHub interaction (issues, PRs, comments, reviews). Use this skill when the user asks you to enga...

0· 52·0 current·0 all-time
by@therealhesreallyhim
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description say it will enforce repo contribution policies before GitHub interactions; the SKILL.md exclusively instructs the agent to locate and follow CONTRIBUTING/CODE_OF_CONDUCT/SECURITY files, check templates, search issues/PRs, and stop if requirements can't be met. There are no unrelated requirements (no extraneous env vars, binaries, or config paths).
Instruction Scope
Runtime instructions stay on-topic: identify repo context, read repository policy files, summarize policy, search existing threads, and enforce templates/pacing. The instructions do not request reading unrelated system files or exfiltrating data. They do assume the agent can access repository contents and GitHub metadata (owner/name, branches, issues/PRs).
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and there is no installer risk.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a policy-enforcement instruction set. Practically, performing the described actions (reading repo files, searching issues/PRs, creating comments/PRs) requires GitHub access provided by the agent/platform (e.g., a GITHUB_TOKEN). The skill does not request or assume any specific token scope—users should ensure the agent's GitHub credentials are appropriately scoped before allowing interactions.
Persistence & Privilege
always:false and no install or persistent configuration changes are requested. The skill does not ask to modify other skills or system-wide settings.
Assessment
This skill appears coherent and low-risk: it only tells the agent how to behave around GitHub interactions and doesn't request secrets or install software. Before enabling it, confirm that your agent/platform already has the right GitHub access (and that that token's scope is limited to what you want). If you expect the agent to act autonomously on your behalf, review the platform's GitHub credential use and consider limiting write permissions so the agent can read repo content and issues but cannot perform destructive actions without your explicit consent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ffg8y5q8a1j5app0d4jjgyx83vwn0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments