ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitHub

v0.0.1

Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.

0· 89·0 current·0 all-time
byAlex@yqghlx·duplicate of @makforce/github-1-0-0

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yqghlx/github-test.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GitHub" (yqghlx/github-test) from ClawHub.
Skill page: https://clawhub.ai/yqghlx/github-test
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-test

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-test
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's described purpose (driving GitHub via the gh CLI) matches the instructions. However the skill does not declare required binaries or a primary credential; using gh effectively typically requires the gh binary and GitHub authentication (gh auth / GH_TOKEN). The lack of declared requirements is an inconsistency.
Instruction Scope
SKILL.md only instructs running gh commands and using --repo or URLs. It does not request reading unrelated files, accessing other system paths, or transmitting data to unexpected endpoints. Instruction scope stays within the stated GitHub interactions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so no downloads or installs are performed by the skill itself (lower surface area).
Credentials
The skill declares no required env vars or credentials, but practical use of gh typically requires authentication (interactive gh auth login or GH_TOKEN) and the gh binary on PATH. The omission could be benign (author assumed environment already prepared) or an oversight; it should be clarified before trusting the skill with authenticated operations.
Persistence & Privilege
The skill does not request always:true, no install, and no modifications to other skills or system-wide config are described.
What to consider before installing
This appears to be a simple helper that tells the agent how to run the gh CLI, but there are a few red flags to check before installing: 1) Verify the skill's source/owner — registry metadata (owner/slug/version) does not match the _meta.json inside the package, which could indicate repackaging or mismatch. 2) Confirm you have the gh CLI and appropriate GitHub credentials available; the skill does not declare these but they are required to perform authenticated actions. 3) Prefer skills that explicitly declare required binaries and primary credentials (e.g., GH_TOKEN or gh auth). 4) Because this skill can run gh commands via the agent, avoid granting high-privilege GitHub tokens; use least privilege (scoped tokens) and consider read-only scopes if appropriate. If you cannot verify the publisher or the metadata discrepancy, treat the skill cautiously or request a corrected package that lists required binaries and credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk973k85qvxam49040g7jae672d83zvtr
89downloads
0stars
1versions
Updated 3w ago
v0.0.1
MIT-0
Alex@yqghlx
latest
Download

GitHub Skill

Use the gh CLI to interact with GitHub. Always specify --repo owner/repo when not in a git directory, or use URLs directly.

Pull Requests

Check CI status on a PR:

gh pr checks 55 --repo owner/repo

List recent workflow runs:

gh run list --repo owner/repo --limit 10

View a run and see which steps failed:

gh run view <run-id> --repo owner/repo

View logs for failed steps only:

gh run view <run-id> --repo owner/repo --log-failed

API for Advanced Queries

The gh api command is useful for accessing data not available through other subcommands.

Get PR with specific fields:

gh api repos/owner/repo/pulls/55 --jq '.title, .state, .user.login'

JSON Output

Most commands support --json for structured output. You can use --jq to filter:

gh issue list --repo owner/repo --json number,title --jq '.[] | "\(.number): \(.title)"'

Comments

Loading comments...