Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Product Manager

v1.0.5

Turn analytics and customer signals into prioritized product decisions, PRD drafts, experiment plans, and implementation-ready GitHub backlog issues or draft...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match declared requirements: analyticscli and node are reasonable for analytics extraction and local runners, and GITHUB_TOKEN is expected to create issues/PRs. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md instructs the agent to run analyticscli commands, detect git remotes, and optionally create GitHub issues/PRs (gated by explicit config). It also references local bootstrap scripts under skills/<slug>/scripts and expects certain JSON summaries (analytics_summary.json, etc.), which are relevant. Minor scope oddity: the startup protocol tells the agent to run workspace bootstrap scripts if present — this attempts to execute workspace-local scripts and assumes they exist. It also says 'never block on helper files' which is permissive but not harmful by itself.
Install Mechanism
Instruction-only skill — no install spec, no downloads, and no files to write. Lowest install risk.
Credentials
Declared required env is a single GITHUB_TOKEN (primaryEnv) which is appropriate. SKILL.md references additional optional tokens (ANALYTICSCLI_READONLY_TOKEN) as recommended, which is consistent. One inconsistency: the recommended GitHub token scopes in the doc mention 'Contents: Read' while the skill can create draft PRs/issues — creating PRs or pushing commits typically requires write-level repo scopes. Confirm the exact minimal scopes you will grant and prefer a fine‑grained token limited to only the target repo and minimal permissions.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent, system-wide privileges or to modify other skills' configs. Autonomous invocation is allowed by platform default but not combined here with other red flags.
Assessment
This skill appears coherent for turning analytics into PRDs and generating GitHub issues/PRs, but review a few things before enabling it:

1) Use a fine‑grained GITHUB_TOKEN limited to the specific repo and the minimal scopes required — if you plan to create or push code/PRs, ensure the token has the necessary write scopes; otherwise keep PR/issue auto-create disabled.
2) Verify the analyticscli binary you have on PATH is the expected, trusted tool and that any analytics tokens (if used) are read-only.
3) The skill may attempt to run workspace-local bootstrap scripts if present — inspect any such scripts in the repository before allowing the agent to run them.
4) Test in a non-production repository or with auto-create flags disabled so you can confirm outputs without changes being made.

If you want higher assurance, request the author to clarify exact GitHub scopes required and provide a manifest of any workspace scripts the skill expects to execute.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979vdk84gs7y3y30q8ddrrn3n84d80t


Runtime requirements

📌 Clawdis
Bins: node, analyticscli
Env: GITHUB_TOKEN
Primary env: GITHUB_TOKEN
