Skill v1.0.0

ClawScan security

GitHub Track · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 3:06 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's functionality matches its description, but there are several mismatches between what its metadata declares and what its scripts actually read and use: notably undeclared environment variables, missing dependency/install guidance, and README references to files that are not present in the package.
Guidance
This skill appears to do what it says (track GitHub repos) but has sloppy packaging and some undeclared requirements. Before installing or running it:
1) Inspect the scripts (they are included in the package) and confirm you are comfortable with files being written to ~/.openclaw/workspace/memory.
2) Do not store unrelated secrets in ~/.openclaw/workspace/TOOLS.md; the script reads that file to obtain GITHUB_TOKEN.
3) If you want Slack notifications, the script posts to a hard-coded channel id using OPENCLAW_SLACK_TOKEN. Set that env var only if you know which Slack workspace and channels the token can reach.
4) Install the required Python packages (requests, slack_sdk) in an isolated environment before running.
5) Note the missing/incorrect metadata: the registry entry should declare GITHUB_TOKEN and, optionally, OPENCLAW_SLACK_TOKEN; the README references systemd files that are not present in the package.
If you need higher assurance, run the scripts in a restricted environment (container or VM) and/or ask the publisher for corrected metadata and the missing service files.

Review Dimensions

Purpose & Capability
ok · Name and description (tracking GitHub repos: stars, issues, PRs) align with the included scripts (track.py and daily-report.sh), which call the GitHub API and store per-repo data in ~/.openclaw/workspace/memory.
Instruction Scope
note · SKILL.md and README provide concrete curl/python usage limited to the GitHub API and local JSON files. However, SKILL.md and README instruct users to store GITHUB_TOKEN in TOOLS.md, and the code reads that file; the skill also optionally sends reports to Slack. The instructions reference creating cron/systemd jobs (persistence guidance) and a systemd service that is not present in the package, which is inconsistent.
Install Mechanism
concern · The skill is labeled instruction-only with no install spec, yet the included Python scripts require external packages (requests, slack_sdk) and ship with no install instructions. That mismatch can cause runtime surprises and indicates the package is incompletely specified.
Credentials
concern · Registry metadata lists no required environment variables, but the code expects GITHUB_TOKEN (from the environment or TOOLS.md) and daily-report.sh will use OPENCLAW_SLACK_TOKEN if present. These credentials are appropriate for the described capabilities, but their omission from the declared requirements is an incoherence, and a user following the README instructions could inadvertently expose tokens.
Persistence & Privilege
note · The skill stores config/data under ~/.openclaw/workspace/memory and suggests cron/systemd timers to run it periodically. It does not request 'always: true' and does not modify other skills' configs. The suggestion to install systemd units (referenced in the README but not included) is concerning only as incomplete documentation, not as malicious privilege escalation.