Scan Report
5 /100
github
Interact with GitHub via CLI. List repositories, issues, and pull requests.
A minimal, documentation-only GitHub CLI wrapper skill with no executable code and no declared dangerous capabilities.
Safe to install
This skill is safe to use. No scripts, code, or sensitive access are present. Ensure users have the `gh` CLI properly scoped to minimize credential exposure.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or inferred |
| Network | NONE | READ | ✓ Aligned | gh CLI makes network calls to GitHub API as an intentional dependency (documente… |
| Shell | NONE | NONE | — | No shell invocation in any file |
| Environment | NONE | NONE | — | No environment variable access observed |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://clawhub.ai .clawhub/origin.json:3 File Tree
3 files · 728 B · 25 lines Markdown 1f · 13L
JSON 2f · 12L
├─
▾
.clawhub
│ └─
origin.json
JSON
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ No executable scripts or code files present — pure documentation skill
✓ No credential harvesting, environment variable enumeration, or sensitive path access
✓ No obfuscation (no base64, no eval, no encoded strings)
✓ No supply-chain risk (no package dependencies in the skill package)
✓ No hidden functionality — declared behavior matches what a GitHub CLI wrapper should do
✓ gh CLI tool use is explicitly documented as a dependency