gitload

v1.0.0

This skill should be used when the user asks to "download files from GitHub", "fetch a folder from a repo", "grab code from GitHub", "download a GitHub repository", "get files from a GitHub URL", "clone just a folder", or needs to download specific files/folders from GitHub without cloning the entire repo.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (fetching files/folders from GitHub) is coherent with the instructions (using a gitload CLI to call the GitHub API). However the skill metadata declares no required binaries or env vars, while the SKILL.md clearly assumes availability of node/npm/npx and optionally the gh CLI and GITHUB_TOKEN; that metadata mismatch reduces trust in the manifest.
Instruction Scope
The runtime instructions direct the agent (or user) to run npx gitload-cli or install an npm package, and to supply tokens via --token or GITHUB_TOKEN. npx executes code downloaded at runtime, and the guidance to pass tokens on the command line (--token ghp_xxxx) can expose secrets through process lists and shell history. The instructions do not provide guidance for verifying the npm package source or minimizing token exposure.
Install Mechanism
There is no bundled code; the SKILL.md instructs using npx or npm install to fetch gitload-cli from the npm registry. Running npx executes third-party code on demand (supply-chain risk). The manifest offers no vetted release URL, checksum, or guidance to review the package, which increases risk compared with a bundled or well-documented release.
Credentials
The skill metadata declares no required environment variables, but the documentation references GITHUB_TOKEN and passing tokens explicitly. Requesting a GitHub token is proportionate for private-repo access, but the instructions suggest insecure usage (inline --token) and do not limit or recommend minimal scopes. The mismatch between declared env requirements and documented token use is a red flag.
Persistence & Privilege
The skill is instruction-only and does not request persistent presence or special agent privileges (always:false). Autonomous invocation is allowed (platform default); combined with the instruction to run npx, this means the agent could autonomously download and execute an npm package when invoked, so consider the increased blast radius if the skill is used autonomously.
What to consider before installing
This skill appears to do what it says (download GitHub files), but exercise caution before installing it or giving it tokens. Specific recommendations:

- Verify the upstream gitload-cli package: check the npm page and the package's GitHub repo and maintainers before running npx.
- Prefer using the gh CLI or an environment variable with minimal-scope tokens (repo scope only) instead of passing a token on the command line (avoid --token inline to prevent leaking via process lists or shell history).
- If you must use this in an automated agent, run it in an isolated environment (container or sandpit) so npx-run code is contained.
- Ask the publisher to update the skill metadata to list required binaries (node/npm/npx, optionally gh) and to document secure token handling.

If you cannot verify the npm package or maintainers, treat this as untrusted and avoid running it on environments with sensitive data.
