GitHub AI Trends

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: github-ai-trends
Version: 1.1.0

The skill bundle is benign. The `SKILL.md` provides clear instructions for the AI agent to execute a local Python script and output its results, without any prompt injection attempts or instructions for malicious behavior. The `scripts/fetch_trends.py` script legitimately interacts with the GitHub API to retrieve trending repositories, optionally using a `GITHUB_TOKEN` from environment variables for higher rate limits. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation. All actions align with the stated purpose of generating GitHub AI trend reports.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide a GitHub token, the skill can make GitHub API requests using that token's permissions.

Why it was flagged

The script can read a GitHub token from an argument or environment variable and send it as an Authorization header to the GitHub API. This is purpose-aligned for rate limits, but users should notice that a credential may be used.

Skill content

parser.add_argument("--token", default=os.environ.get("GITHUB_TOKEN"))
...
headers["Authorization"] = f"Bearer {token}"

Recommendation

Use a low-scope GitHub token if needed, avoid broad or personal tokens when possible, and prefer an environment variable over pasting tokens into chat.