ClawHub

Project Progress Tracker

v1.0.2

Analyze Git commits and GitHub issues to evaluate project completion, activity, and health, generating detailed Markdown and ASCII progress reports.

0· 90·0 current·0 all-time
by@zhaog100
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (git commits + GitHub issues → progress reports) align with included modules and required tools. The code only depends on git and the gh CLI as documented; no unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to call analyze_commits(repo_path) and track_issues(owner, repo). The code runs git -C on whatever repo_path you provide and invokes gh to list issues; those operations are expected but mean the skill can read any repository path you point it at and will use whatever gh authentication is configured on the host.
Install Mechanism
No install spec; this is instruction+source code only. No downloads or archive extraction. That is low risk and consistent with a small Python utility.
Credentials
The skill declares no environment variables and doesn't directly read secrets. However, the gh CLI it invokes will use the user's existing gh authentication (stored by gh). This is proportional to the GitHub issue-tracking purpose but users should be aware the CLI may use tokens already present on the machine.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. It performs ephemeral subprocess calls when invoked and doesn't persist new credentials or alter global configs.
Assessment
This skill appears to do what it says: inspect a local git repository and query GitHub issues via the gh CLI and produce reports. Before installing or running it: (1) only pass repository paths you trust (the tool will run git -C on the path you give it); (2) be aware gh CLI will use any GitHub auth already configured on the host—ensure those credentials are intended to be used; (3) run the included tests or inspect the small Python files yourself if you need higher assurance; and (4) run the skill in a sandbox or test environment if you are concerned about running subprocesses on sensitive systems. Overall the package is internally consistent and proportional to its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkfpbqc7dgxhx154jaky7q1838hy6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments