Skill Github Daily Ops
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This GitHub operations skill mostly does what it describes, but it can automatically change repositories more broadly and less safely than its description promises.
Use the report-only mode first. Before enabling auto-merge or cron, restrict the GitHub token to specific repositories, ensure branch protections are active, fix the CI/severity checks, and remove or disable the workspace 'git push' behavior unless you explicitly want it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Dependabot PRs could be merged into organization repositories before CI has actually passed or when severity is ambiguous, potentially introducing breakage or unsafe updates.
The auto-merge gate treats absent checks or in-progress checks as acceptable and only explicitly skips HIGH-severity titles, so it does not reliably enforce the advertised rule that only LOW/MEDIUM Dependabot PRs with passing CI are merged.
```js
if (runs.length === 0) return { passing: true }; // No CI = assume ok
const passing = runs.every(r => r.conclusion === 'success' || r.conclusion === 'skipped' || r.status === 'in_progress');
if (severity === 'HIGH') {
```
Do not enable '--merge-dependabot' until the script requires completed, successful required checks, skips UNKNOWN/HIGH/CRITICAL severities, verifies severity from GitHub/Dependabot data rather than PR titles, and relies on branch protections or explicit approval.
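As an added illustration (not the skill's own code), the gate quoted above beside a stricter version that implements the recommendation: required checks must exist, be completed and have concluded success, and severity is an allow-list rather than a HIGH-only deny-list. The check-run objects, check names and severity values are constructed for the example.

```javascript
// Added illustration, not the skill's code. `runs` mimics GitHub check-run
// objects ({ name, status, conclusion }); names and severities are constructed.

// Weak gate as quoted above: no runs passes, and in-progress runs pass.
function weakCiGate(runs) {
  if (runs.length === 0) return { passing: true }; // No CI = assume ok
  const passing = runs.every(r => r.conclusion === 'success' ||
    r.conclusion === 'skipped' || r.status === 'in_progress');
  return { passing };
}

// Strict gate: every required check must be present, completed and successful.
function strictCiGate(runs, requiredChecks) {
  const byName = new Map(runs.map(r => [r.name, r]));
  const failures = [];
  for (const name of requiredChecks) {
    const run = byName.get(name);
    if (!run) failures.push(`${name}: missing`);
    else if (run.status !== 'completed') failures.push(`${name}: ${run.status}`);
    else if (run.conclusion !== 'success') failures.push(`${name}: ${run.conclusion}`);
  }
  return { passing: failures.length === 0, failures };
}

// Allow-list instead of deny-list: only LOW/MEDIUM merge; HIGH, CRITICAL,
// UNKNOWN and a missing value are all skipped.
function severityAllowsMerge(severity) {
  const s = String(severity || 'UNKNOWN').toUpperCase();
  return s === 'LOW' || s === 'MEDIUM';
}

// Combined decision. `severity` is expected to come from Dependabot alert
// data, not from parsing the PR title.
function shouldAutoMerge({ severity, runs, requiredChecks }) {
  if (!severityAllowsMerge(severity)) return { merge: false, reason: `severity ${severity}` };
  const ci = strictCiGate(runs, requiredChecks);
  if (!ci.passing) return { merge: false, reason: ci.failures.join('; ') };
  return { merge: true, reason: 'LOW/MEDIUM with all required checks green' };
}

// Constructed sample: one required check is still running.
const SAMPLE_RUNS = [
  { name: 'build', status: 'completed', conclusion: 'success' },
  { name: 'test', status: 'in_progress', conclusion: null },
];
```

With the sample above, the weak gate reports passing while the strict gate refuses to merge until `test` completes successfully.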
Running this helper could publish local workspace commits to a configured remote repository without a separate user review step, spreading unintended changes to shared repositories.
The included daily-ops shell workflow automatically pushes existing commits from the default OpenClaw workspace when unpushed commits are present; this workspace-push behavior is not disclosed in SKILL.md's stated report and Dependabot auto-merge workflow.
```sh
WORKSPACE="${WORKSPACE:-$HOME/.openclaw/workspace}"
...
if [[ -n "$unpushed" ]]; then
...
if git push 2>&1; then
```
Remove the automatic workspace push, make it a separate explicitly documented command, or require an interactive confirmation and a clearly scoped repository before pushing.
A token with broad organization or repository write access could let the skill merge PRs or push changes across more repositories than intended.
GitHub credentials are expected for this integration, but the registry metadata declares no primary credential or required environment variable while the code can use that token for repository reads and merges.
| `GITHUB_TOKEN` | GitHub PAT (or reads from `~/.github_token`) |
Use a fine-grained GitHub token limited to the specific repositories and permissions needed; prefer read-only access for report-only use and grant write/merge authority only when auto-merge is deliberately enabled.
The skill may fail unexpectedly or require tools and authenticated CLI state that users did not see in the registry requirements.
The included shell helper depends on 'gh', 'python3', and 'git', while the provided requirements list only 'node'. This is an incomplete runtime contract rather than evidence of a hidden installer.
```sh
failed_runs=$(gh run list \
  ...
run_count=$(echo "$failed_runs" | python3 -c "import sys,json; print(len(json.load(sys.stdin)))" 2>/dev/null || echo 0)
...
if git push 2>&1; then
```
Declare all required binaries and authentication expectations, or remove/document helper scripts that are not part of the supported workflow.
