Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Collab Platform

v1.15.2

Unified intelligent agent collaboration platform with shared core and modular design supporting automated GitHub issue tracking and multi-agent workflows.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to integrate with GitHub, perform issue monitoring, push commits, and publish to ClawHub, and includes modules that call `git`, the `gh` CLI, and `clawhub`. However the metadata declares no required binaries, no required environment variables, and no config paths. A GitHub/ClawHub-integrating skill would normally require at minimum documentation of expected CLIs and authentication (GITHUB_TOKEN, SSH keys, or gh auth). The absence of these declarations is inconsistent with the code (see agents/*, core/*, agents/agent_b/*).
! Instruction Scope
SKILL.md tells the user to run scripts like ./skill.sh and check scripts/check_github_issues.sh but does not mention needing authenticated CLI tools or SSH keys. The runtime code will: call subprocesses that run `gh issue comment`, `git push xiaomili master`, `clawhub publish`, and source pipeline shell scripts (pipeline.sh and many src/*.sh). These instructions and the code can read/write local logs (logs/*) and create state under ~/.openclaw/pipeline, and they post comments to external services — none of which the SKILL.md documents as required credentials or safety considerations.
Install Mechanism
There is no install spec (instruction-only in registry terms), but the package contains many code and shell files that will be installed when the skill is added. The code executes local and external CLIs and sources local pipeline scripts; nothing is downloaded from arbitrary external URLs during install, so install-time risk is moderate, but runtime execution will run shell commands from these files.
! Credentials
The code expects to interact with GitHub, push to remotes (e.g., remote name 'xiaomili'), call the `gh` CLI and `clawhub` CLI, and uses a pipeline whose state is placed at ~/.openclaw/pipeline. Yet the registry metadata lists no required env vars/credentials. This is disproportionate: network operations and Git pushes require credentials or authenticated CLIs, so the skill should declare and justify which secrets or keys it needs. Additionally, the skill will use any existing local git/gh credentials and could push to configured remotes if present.
Persistence & Privilege
The skill does not request 'always:true' and does not modify other skills' configs, but at runtime it writes logs (logs/*), state under ~/.openclaw/pipeline, and may push commits to remote repositories. Autonomous invocation is allowed (default); combined with network and git push capability, that increases the blast radius somewhat — however that alone is not a rules violation, just something to be careful about.
What to consider before installing
This package contains real code that will run shell commands and interact with external services (GitHub via `gh`, git push to remotes, ClawHub via `clawhub`, and local pipeline scripts). Before installing or running it:
1) Audit config/git_repositories.json and pipeline_config.json — change any personal remotes (e.g., 'xiaomili') to safe test repositories.
2) Inspect scripts/check_github_issues.sh and the pipeline src/*.sh files to see what network calls or data are read/written.
3) Run in an isolated environment (container or VM) first; do not run on a machine with sensitive git credentials or tokens.
4) If you must run on your system, ensure `gh`/git/clawhub are authenticated with a minimal-scope account or test credentials and remove/unset any SSH keys you don't want used.
5) Note some code has bugs/unsafe patterns (e.g., hardcoded cwd '$(pwd)' in git calls and unguarded subprocess.run usage) — treat this as sloppy engineering that could misbehave.
If you need this functionality, ask the author to explicitly document required CLIs and credentials and to add safety checks (dry-run modes, explicit remote names, and confirmation prompts) before performing pushes or publishes.

Like a lobster shell, security has layers — review code before you run it.
