Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill: Github Daily Ops

v1.0.1

Daily GitHub repo health check + safe Dependabot auto-merge. Outputs markdown report.

by Zero2Ai (@zero2ai-hub)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
Name/description promise (GitHub health + safe Dependabot auto-merge) aligns with code that lists repos, checks CI, and merges Dependabot PRs — that part is coherent. However the package metadata only declares 'node' as a required binary while the shipped scripts also rely on the GitHub CLI (gh), python3, and git; the registry does not declare the needed GITHUB_TOKEN/GH_TOKEN credential despite the scripts requiring it. These omissions are disproportionate to the stated purpose and reduce transparency.
! Instruction Scope
SKILL.md shows running node scripts (report + merge). The included bash scripts (daily-ops.sh) perform extra actions not called out in the top-level docs: they will examine a local WORKSPACE and may git push unpushed commits from that workspace. Pushing local workspace commits is outside the expected scope of a 'repo health report' and can modify remote state beyond merging Dependabot PRs. Also the skill's scripts read ~/.github_token and expect GH_TOKEN/GITHUB_TOKEN — they will access local files and environment for credentials.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or installed automatically. That limits install-time risk. However it still ships runnable scripts that will be executed by the user/agent if invoked.
! Credentials
The skill requires a GitHub personal access token in practice, but registry metadata does not declare required env vars. The code uses both GITHUB_TOKEN (daily-ops.js) and GH_TOKEN (bash scripts) and will read ~/.github_token — this mismatch increases risk of accidental credential exposure or misconfiguration. A PAT with repo write/merge permissions is required to auto-merge and to push workspace commits; that level of credential is significant and should be declared and limited.
Persistence & Privilege
The manifest's 'always' flag is false and the skill is user-invocable (normal). The particularly concerning behavior is not persistence but side-effects: the bash script can push local workspace commits (git push), which modifies remote repositories and may expose or publish local changes. Autonomous invocation is allowed by default for skills, so if you enable auto-run you should be aware of these side-effecting operations.
What to consider before installing
This skill mostly does what it claims (scan repos, report, and merge Dependabot PRs) but has several red flags you should address before using it with real credentials:

- Expect to provide a GitHub PAT with repo write permissions. The registry doesn't declare this, but the scripts will fail without it. Use a token scoped as narrowly as possible (repo:status, pull_request, maybe repo if merging) and prefer an org-scoped machine account if possible.
- The scripts use both GITHUB_TOKEN (node) and GH_TOKEN (bash) and will try to read ~/.github_token. Ensure you know which token will be used and avoid placing high-privilege tokens in a plaintext file unless you intend to.
- The code relies on binaries not declared in the manifest: gh (GitHub CLI), python3, and git (for workspace push). Install these only if you trust the skill.
- The included daily-ops.sh will attempt to push unpushed commits from a configured WORKSPACE (default ~/.openclaw/workspace). If you run that script, it may publish local commits you haven't reviewed. Either remove or audit the 'Push workspace commits' section before running, or set WORKSPACE to a safe path.
- Consider running the scripts in readonly/report-only mode (--report) first, and test auto-merge behavior on a small set of non-critical repos. Review and possibly remove or sandbox any steps that write to remotes (merge, delete-branch, git push).

Given the mismatches and the workspace-push side-effect, treat this skill as 'suspicious' until you fix the declared requirements, unify token handling, and remove or clearly control the workspace push behavior.


latest: vk9773w62w45ryrvexry9a4rmj1822fj2


Runtime requirements

Bins: node
