GitHub AI Trends
Pass
Audited by ClawScan on May 1, 2026.
Overview
This skill coherently fetches public GitHub repository data and formats a leaderboard; the only notable item is an optional GitHub token for rate limits.
This appears safe for its stated purpose. Before using a GitHub token, make sure it has minimal permissions and understand that it will be sent with GitHub API requests to obtain higher rate limits.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide a GitHub token, the skill can make GitHub API requests using that token's permissions.
The script can read a GitHub token from an argument or environment variable and send it as an Authorization header to the GitHub API. This is purpose-aligned for rate limits, but users should notice that a credential may be used.
parser.add_argument("--token", default=os.environ.get("GITHUB_TOKEN")) ... headers["Authorization"] = f"Bearer {token}"
Use a low-scope GitHub token if needed, avoid broad or personal tokens when possible, and prefer an environment variable over pasting tokens into chat.
