ClawHub

这是我的test3

v1.0.1

Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.

0· 191·0 current·0 all-time
by@yequanzheng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description and SKILL.md consistently describe interacting with GitHub via the gh CLI. However, the skill does not declare the gh binary as a required dependency even though all runtime examples use gh; this is a minor omission but worth noting.
Instruction Scope
Instructions are narrowly scoped to running gh commands (PR checks, runs, logs, gh api queries, and JSON output). They do not instruct the agent to read unrelated files, network endpoints, or secrets beyond GitHub usage.
Install Mechanism
No install spec is provided (instruction-only), which is low risk because nothing is written to disk by the skill itself.
Credentials
The skill declares no required env vars, which aligns with its instruction-only nature. Be aware that gh uses the host's GitHub credentials (e.g., GITHUB_TOKEN, gh auth, or credential helpers); running the commands will therefore use whatever GitHub auth is present on the machine/agent. This is expected for a GitHub helper but is a gateway to your GitHub access if the agent is allowed to run commands.
Persistence & Privilege
No persistent or elevated privileges are requested. always is false and the skill does not attempt to modify other skills or system-wide agent settings.
Assessment
This skill simply documents gh CLI commands for GitHub. Before installing: (1) ensure you have the gh CLI installed and authenticated if you want the skill to work — the SKILL.md should have declared gh as a required binary; (2) understand that when the agent runs these commands it will use any GitHub credentials available to gh on the host (GITHUB_TOKEN or gh auth), so only enable the skill for agents you trust; (3) if you want to restrict access, don't authenticate gh in the environment where the agent runs or only allow manual invocation. If you want the author to be clearer, ask them to add a required-binary entry for gh and to explicitly document expected authentication methods.

Like a lobster shell, security has layers — review code before you run it.

latestvk972f7mh38mywt4tk8f2r6rsph837g0rlatest2323vk977m4s1yg4wt6sbdav09wxaw5837jzw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments