Skill v1.0.0

ClawScan security

🤖 GitHub自动管家 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 1:00 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill claims to fully automate GitHub management “无需API Key” (“no API key required”) but provides no code, no auth flow, and no concrete runtime instructions; its stated capability does not match the minimal artifacts provided.
Guidance
Do not install or hand over credentials yet. Before using this skill, ask the publisher for: (1) the exact authentication flow (how it will access your GitHub: OAuth, PAT, browser automation, or a third-party service), (2) the install source and a link to the code you can review, and (3) the network endpoints it contacts. Prefer skills that require a GitHub token stored by you (not the skill) or that use OAuth through GitHub's official flow. If the publisher cannot provide verifiable source code and a clear auth model, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern
The skill's name and description promise full GitHub automation (repos, PRs, issues, CI/CD), but the package declares no required binaries, no environment variables or credentials, and no code. Genuine automation of GitHub typically requires authentication (a token or API key) or explicit instructions to use the user's browser or CLI; none are present. This mismatch suggests the claim is not supported by the supplied materials.
Instruction Scope
concern
SKILL.md is extremely high-level: it only advertises a calibration framework and an install command. It contains no runtime steps for authenticating to GitHub, no commands or HTTP calls, and no guidance about what data will be read or sent. That vagueness grants broad implementation freedom and could hide unexpected behaviors or later prompts requesting credentials.
Install Mechanism
note
There is no install spec included in the skill bundle (lowest static risk). However, SKILL.md suggests running 'clawhub install github-auto', which would fetch code from the platform registry; because the skill bundle here contains no runtime code, installation could pull additional code from external sources not visible in this package. That external fetch is the primary installation risk.
Credentials
concern
No environment variables, credentials, or config paths are declared despite the need for GitHub auth to perform the advertised tasks. The absence of a declared primary credential or any required TOKEN/KEY is disproportionate to the claimed functionality and unexplained.
Persistence & Privilege
ok
The skill does not request always-on presence, and defaults for invocation are normal. Nothing in the bundle indicates it modifies other skills or system-wide settings.