扫描报告
5 /100
github
Interact with GitHub via CLI. List repositories, issues, and pull requests.
A minimal, documentation-only GitHub CLI wrapper skill with no executable code and no declared dangerous capabilities.
可以安装
This skill is safe to use. No scripts, code, or sensitive access are present. Ensure users have the `gh` CLI properly scoped to minimize credential exposure.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem access declared or inferred |
| 网络访问 | NONE | READ | ✓ 一致 | gh CLI makes network calls to GitHub API as an intentional dependency (documente… |
| 命令执行 | NONE | NONE | — | No shell invocation in any file |
| 环境变量 | NONE | NONE | — | No environment variable access observed |
| 技能调用 | NONE | NONE | — | No cross-skill invocation |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser automation |
| 数据库 | NONE | NONE | — | No database access |
1 项发现
中危 外部 URL 外部 URL
https://clawhub.ai .clawhub/origin.json:3 目录结构
3 文件 · 728 B · 25 行 Markdown 1f · 13L
JSON 2f · 12L
├─
▾
.clawhub
│ └─
origin.json
JSON
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No executable scripts or code files present — pure documentation skill
✓ No credential harvesting, environment variable enumeration, or sensitive path access
✓ No obfuscation (no base64, no eval, no encoded strings)
✓ No supply-chain risk (no package dependencies in the skill package)
✓ No hidden functionality — declared behavior matches what a GitHub CLI wrapper should do
✓ gh CLI tool use is explicitly documented as a dependency