tester_skill
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent, but it should be reviewed because it can use your authenticated GitHub account to let agents and sub-agents make repository changes with little stated approval or scope control.
Use this skill only on repositories where you are comfortable with automated assistance, and configure it with a least-privilege GitHub token limited to the intended repo. Require manual approval before creating PRs, posting comments, changing code, or spawning sub-agents, and treat all GitHub issue text as untrusted input.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or careless issue description could redirect the sub-agent away from the user's intended fix and cause unwanted repository actions.
The sub-agent task is built directly from GitHub issue title and description text, which may be written by untrusted issue authors. The skill does not instruct the agent to treat that content as data rather than instructions.
spawn_subagent(
task=f"Fix GitHub issue #{issue_number}: {title}. {description}"
)
Treat issue content as untrusted, quote it as data, and require explicit user approval before any sub-agent makes code changes, comments, or PRs.
The agent could publish comments, create issues or PRs, or make repository changes under the user's account before the user reviews them.
The skill describes autonomous use of repository-changing capabilities, including PR creation and comment responses, but does not define approval gates, dry-run behavior, repository limits, or rollback/containment.
This skill enables autonomous issue management on GitHub repositories. It can:
- Spawn sub-agents to work on fixes
- Create PRs with automated descriptions
- Track PR review status and respond to comments
Use only with explicit approval steps for every write action, restrict it to intended repositories/branches, and require the user to review generated PRs and comments before posting.
If the active GitHub credential has broad access, the agent may be able to act across more repositories or organizations than the user intended.
The skill relies on an authenticated GitHub CLI or token, but the artifacts do not specify required scopes, least-privilege token guidance, or which repositories the credential may access.
- `gh` CLI must be authenticated (`gh auth status`) ... export GITHUB_TOKEN="ghp_xxx" # Or use gh auth
Use a least-privilege GitHub token limited to the target repository and avoid running it with a broadly privileged personal or organization account.
Users may not realize from metadata alone that the skill depends on a locally authenticated GitHub CLI.
The dependency and authentication requirement are disclosed in SKILL.md, but the registry metadata lists no required binaries, environment variables, or primary credential, so automated install/capability review may understate what is needed.
- Requires `gh` CLI installed
- Authentication handled via `gh auth`
Declare the gh binary and GitHub credential expectations in metadata, and document safe setup with least-privilege tokens.
Private repository information or issue details could be exposed to sub-agents with unclear permissions, and those sub-agents may act with the user's GitHub authority.
The skill delegates repository work and issue content to sub-agents, but the artifacts do not describe sub-agent identity, permission boundaries, data handling, or whether private issue/repository details are shared further.
- Spawn sub-agents to work on fixes
Define sub-agent permissions, limit what issue/repository data is shared, and require user approval before a sub-agent receives sensitive content or performs writes.
