iStore Build OpenClash

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherent for adding an OpenClash build workflow, but it asks for broad GitHub repository authority and changes repository-wide Actions permissions.

Install only if you are comfortable giving the agent temporary GitHub repository write authority. Prefer a fine-grained token limited to the target fork, review the workflow contents and permission change before allowing the push, and revoke the token afterward.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broadly scoped token can modify repositories and settings; if misused or exposed, it could affect more than the intended workflow setup.

Why it was flagged

The skill asks the user for a GitHub PAT with broad repo scope and uses it for code pushes and repository settings changes.

Skill content
Generated a Personal Access Token (the `repo` permission must be enabled) ... Personal Access Token: used for pushing code and setting repository permissions

Recommendation

Use a fine-grained GitHub token limited to the target fork and only the needed permissions, then revoke it after setup.

What this means

The repository can be changed immediately, and future workflows may receive broader write authority than expected.

Why it was flagged

The instructions directly mutate the repository and repository Actions permissions through raw API calls, including enabling PR review approval capability, without requiring a displayed diff or separate confirmation.

Skill content
curl -s -X PUT ... /contents/.github/workflows/build-openclash.yml ... /actions/permissions/workflow ... "default_workflow_permissions":"write","can_approve_pull_request_reviews":true

Recommendation

Require explicit user confirmation after showing the exact workflow file and permission changes; prefer creating a branch or pull request, and avoid enabling PR review approval unless necessary.

What this means

Build results depend on whatever the upstream latest release provides at run time.

Why it was flagged

The generated workflow dynamically downloads latest upstream OpenClash release assets without pinning or checksum verification, which is common for this build purpose but depends on upstream release integrity.

Skill content
API_LATEST="https://api.github.com/repos/vernesong/OpenClash/releases/latest" ... curl -fL "$URL1" -o openclash-ipk/luci-app-openclash.ipk

Recommendation

Pin expected versions and verify checksums or signatures when reproducible or high-trust builds matter.