github-ops

https://clawhub.ai/api/v1/skills/github-ops-v2/file?path=SKILL.md&version=2.0.0

github.com/clawhub.ai/github-ops-v2

Scanned Thu, 28 May 2026 17:06:25 GMT

Scan ID crawl-smjl84d81rm30ahs2c8jhxz4 · 2ms

SCORE 0 / 100

Verdict: Do not install

5 critical findings.

This skill exfiltrates environment secrets ($GITHUB_TOKEN) plus 5 other issues listed below.

5 critical0 high1 medium6 rules passed

Why grade F?

score · 0 / 100

The current grade reflects 5 critical findings (any 2+ CRITs → F).

5 CRIT0 HIGH1 MED0 LOW

To reach a higher grade

D
Reach Dtarget score 30
Resolve 4 of your 5 CRIT findings — any single CRIT still keeps you at D.
C
Reach Ctarget score 55
Resolve all 5 CRIT findings.
B
Reach Btarget score 75
Resolve all 5 CRIT.
A
Reach Atarget score 95
Resolve all 5 CRIT.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

crit

Skill references secret env var $GITHUB_TOKEN

The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 53CWE-200

▾

51# 函数：create_repo

52curl -X POST \

53 -H "Authorization: token $GITHUB_TOKEN" \← references $GITHUB_TOKEN — potential credential leak

54 -H "Accept: application/vnd.github.v3+json" \

55 https://api.github.com/user/repos \

crit

Skill references secret env var ${GITHUB_TOKEN}

The skill instructions reference `${GITHUB_TOKEN}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 62CWE-200

▾

60```bash

61# 函数：push_code

62git remote add origin https://${GITHUB_TOKEN}@github.com/username/repo.git← references ${GITHUB_TOKEN} — potential credential leak

63git push -u origin main

64```

crit

Skill references secret env var $GITHUB_TOKEN

The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 70CWE-200

▾

68# 函数：create_release

69curl -X POST \

70 -H "Authorization: token $GITHUB_TOKEN" \← references $GITHUB_TOKEN — potential credential leak

71 -H "Accept: application/vnd.github.v3+json" \

72 https://api.github.com/repos/username/repo/releases \

crit

Skill references secret env var ${GITHUB_TOKEN}

The skill instructions reference `${GITHUB_TOKEN}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 103CWE-200

▾

101GITHUB_TOKEN=$(cat /home/node/.openclaw/secrets/github_token.txt)

102curl -s -X POST \

103 -H "Authorization: token ${GITHUB_TOKEN}" \← references ${GITHUB_TOKEN} — potential credential leak

104 https://api.github.com/user/repos \

105 -d '{"name":"test-repo","private":false}' | jq '.name'

crit

Skill references secret env var ${GITHUB_TOKEN}

The skill instructions reference `${GITHUB_TOKEN}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 123CWE-200

▾

121GITHUB_TOKEN=$(cat /home/node/.openclaw/secrets/github_token.txt)

122curl -s -X POST \

123 -H "Authorization: token ${GITHUB_TOKEN}" \← references ${GITHUB_TOKEN} — potential credential leak

124 https://api.github.com/repos/sandmark78/v61-docs/releases \

125 -d '{"tag_name":"v1.0.0","name":"v1.0.0"}' | jq '.tag_name'

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

Scan another →Share

skillox.io/r/crawl-smjl84d81rm30ahs2c8jhxz4