Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
hhdfasf
v1.0.0
Interact with GitHub using the gh CLI for PR checks, workflow run details, logs, API queries, and JSON output filtering.
⭐ 0 · 109 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's description and instructions clearly require the GitHub 'gh' CLI and access to a GitHub repository, but the registry metadata lists no required binaries and no primary credential. A legitimate 'gh'-based skill should declare the gh CLI and indicate required auth (e.g., GH_TOKEN or gh auth).
Instruction Scope
SKILL.md is narrowly scoped to running gh commands (pr checks, run list, run view, gh api, --json/--jq). It does not instruct the agent to read unrelated files or exfiltrate data. However, it implicitly assumes configured GitHub credentials and that gh is available on PATH — assumptions not declared in metadata.
Install Mechanism
There is no install spec (instruction-only), so nothing will be downloaded or written to disk by the skill itself. That lowers risk, but also means the agent must already have gh installed and configured.
Credentials
The skill requires access to GitHub (via gh) in practice, which typically requires credentials (GH_TOKEN or gh auth). The metadata declares no env vars or primary credential. This omission is disproportionate: the skill should explicitly request or document needed credentials and recommended scope.
Persistence & Privilege
The 'always' flag is false and there is no indication the skill requests persistent system privileges or modifies other skills. Autonomous invocation is allowed by default ('disable-model-invocation: false'), but that is normal platform behavior and not by itself flagged.
What to consider before installing
This skill's instructions are straightforward: it runs gh CLI commands to inspect PRs and workflow runs. But the package metadata omits that dependency and any mention of required GitHub credentials. Before installing or enabling it:
1) Confirm the agent environment has the gh CLI installed and accessible on PATH.
2) Ensure the agent has appropriate GitHub authentication configured (prefer a least-privilege personal access token or gh auth with minimal scopes) rather than supplying broad credentials.
3) Consider the unknown source and lack of homepage; prefer skills from known publishers or with verifiable source code.
4) If you don't want the agent to call GitHub autonomously, disable autonomous invocation or avoid giving it credentials.
If you want a safer declaration, ask the publisher to update the metadata to require the gh binary and to document required auth and token scopes.
latest · vk97dpsexxqhcpcvxzp05m31ww1837mck
