Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GitHub 智能代码审查与 CI/CD 自动化
v1.0.0GitHub 智能代码审查与 CI/CD 自动化完整工作流。 场景:收到 PR 或提交代码时,自动完成 AI 代码审查(bug/安全/逻辑问题), 并根据审查结果智能生成或推荐 GitHub Actions CI/CD 工作流。 触发词:代码审查、review PR、生成 CI/CD、GitHub Actions...
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the instructions: the SKILL.md describes collecting PR/repo info via the gh CLI, running an AI review, and generating GitHub Actions workflows. Declared dependencies (gh, quack-code-review, github-actions-generator) are coherent with the stated purpose.
Instruction Scope
Instructions are mostly narrow and limited to repository- and PR-scoped operations (gh pr view/diff, analyze pr-diff.txt, generate workflows, post PR comments). However, the SKILL.md contains unicode control characters (prompt-injection signal) which may be attempting to hide or manipulate runtime prompts/behavior; this is a red flag because it can alter how the agent executes or interprets instructions. Also the skill implicitly requires authenticated gh access but does not explicitly declare required auth/env vars.
Install Mechanism
Instruction-only skill (no install spec, no code files to execute). Lowest install risk. It assumes external CLIs/tools are present but does not fetch or install code itself.
Credentials
The skill requests no environment variables in metadata, which is consistent with being instruction-only. In practice it requires an authenticated gh CLI (GITHUB_TOKEN or gh auth login) to read/write PRs and post comments; that credential access is appropriate for the purpose but is not explicitly declared. Also it relies on third-party skills/tools (quack-code-review, github-actions-generator) — their required credentials/permissions are not described here and should be verified.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not request permanent presence or system-wide configuration changes. It does post PR comments (expected behavior) but does not request elevated agent privileges in metadata.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode invisible characters were detected in SKILL.md. This is not expected for a straightforward automation/instruction document and can be used to hide or manipulate prompts or to alter parsing. Inspect the raw SKILL.md for hidden content or remove control characters before trusting the skill.
What to consider before installing
This skill is coherent with its stated goal (it uses the gh CLI to fetch PR data, calls an AI reviewer, then generates workflow files and posts PR comments). Before installing or enabling it: 1) review the raw SKILL.md/README for hidden characters (the scan found unicode control chars) and remove or ask the author to explain them; 2) verify and trust the third-party tools referenced (quack-code-review and github-actions-generator) — confirm their source and permissions; 3) ensure the GitHub credentials used (gh auth / GITHUB_TOKEN) have minimal scopes (repo actions as needed) and are not shared broadly; 4) test the workflow in a sandbox repo (no secrets) to confirm it only reads repository data and posts intended comments; 5) if you need higher assurance, ask the publisher for a homepage/origin and source code for the referenced tools. If any of these checks fail or the author cannot explain the control characters and third-party tooling, avoid enabling the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97emg9nvbjzm7cqq3rvw7gbrx84sa12
License
MIT-0
Free to use, modify, and redistribute. No attribution required.