https://clawhub.ai/api/v1/skills/pylinter-assist/file?path=SKILL.md&version=0.6.3
github.com/clawhub.ai/pylinter-assist
Scanned Thu, 28 May 2026 17:03:43 GMT
Scan ID crawl-v8mbzlrc2woyyk19uac8etkz · 1ms
Grade: F
Score: 0 / 100
Verdict: Do not install
8 critical findings.
This skill exfiltrates environment secrets ($GITHUB_TOKEN) plus 10 other issues listed below.
8 critical · 2 high · 1 medium · 1 rule passed
Why grade F?
Score · 0 / 100. The current grade reflects 8 critical findings (any 2+ CRITs → F).
8 CRIT · 2 HIGH · 1 MED · 0 LOW
To reach a higher grade
- Reach D (target score 30): resolve 7 of your 8 CRIT findings — any single CRIT still keeps you at D.
- Reach C (target score 55): resolve all 8 CRIT findings.
- Reach B (target score 75): resolve all 8 CRIT.
- Reach A (target score 95): resolve all 8 CRIT + all 2 HIGH.
Thresholds are documented at /docs/grading. The source of truth is the `grade()` function in `@skillox/scanner`.
Findings · ordered by severity
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 301–305:
    301 |
    302 | **REST API:**
    303 | > **Security note:** The token passed via `-H "Authorization: token $GITHUB_TOKEN"` must
        |   ← references $GITHUB_TOKEN — potential credential leak
    304 | > be a Personal Access Token or a fine-grained token scoped to `actions:write`. Never
    305 | > hard-code the token value in scripts; always expand it from an environment variable.
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 307–311:
    307 | ```bash
    308 | curl -X POST \
    309 |   -H "Authorization: token $GITHUB_TOKEN" \
        |   ← references $GITHUB_TOKEN — potential credential leak
    310 |   https://api.github.com/repos/OWNER/REPO/actions/workflows/lint-pr.yml/dispatches \
    311 |   -d '{"ref":"main","inputs":{"pr_number":"42","format":"markdown","post_comment":"true"}}'
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 364–368:
    364 | ```bash
    365 | # Basic monitoring - download report only
    366 | lint-pr monitor owner/repo --token $GITHUB_TOKEN
        |   ← references $GITHUB_TOKEN — potential credential leak
    367 |
    368 | # Monitor with timeout and custom polling interval
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 367–371:
    367 |
    368 | # Monitor with timeout and custom polling interval
    369 | lint-pr monitor owner/repo --token $GITHUB_TOKEN --timeout 3600 --poll-interval 60
        |   ← references $GITHUB_TOKEN — potential credential leak
    370 | ```
    371 |
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 378–382:
    378 | ```bash
    379 | # Monitor with Telegram notification (tokens visible in process list — use with caution)
    380 | lint-pr monitor owner/repo --token $GITHUB_TOKEN \
        |   ← references $GITHUB_TOKEN — potential credential leak
    381 |   --callback telegram:$TELEGRAM_BOT_TOKEN:$TELEGRAM_CHAT_ID
    382 |
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 382–386:
    382 |
    383 | # Monitor with Discord notification
    384 | lint-pr monitor owner/repo --token $GITHUB_TOKEN \
        |   ← references $GITHUB_TOKEN — potential credential leak
    385 |   --callback discord:$DISCORD_WEBHOOK_URL
    386 |
CRIT · Skill references secret env var $GITHUB_TOKEN
The skill instructions reference `$GITHUB_TOKEN`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.
SKILL.md lines 386–390:
    386 |
    387 | # Monitor with multiple channels
    388 | lint-pr monitor owner/repo --token $GITHUB_TOKEN \
        |   ← references $GITHUB_TOKEN — potential credential leak
    389 |   --callback telegram:$TELEGRAM_BOT_TOKEN:$TELEGRAM_CHAT_ID \
    390 |   --callback discord:$DISCORD_WEBHOOK_URL
CRIT · Hardcoded secret detected: AWS access key ID
The skill body contains what looks like a literal `AWS access key ID`. Secrets must be read from the environment, never embedded in a published skill — embedded keys leak the moment the skill is mirrored or indexed.
SKILL.md lines 258–262:
    258 | | Hardcoded IP address | HCS003 | ERROR | `HOST = "10.0.0.5"` |
    259 | | Hardcoded localhost URL | HCS004 | ERROR | `"http://localhost:8000"` |
    260 | | AWS/GCP access key | HCS005 | ERROR | `AKIAIOSFODNN7EXAMPLE` |
        |   ← AWS access key ID — must be env-sourced, never inline
    261 | | FastAPI missing docstring | FAD001 | WARNING | `@router.get("/")` without docstring |
    262 | | useEffect missing deps | RUE001 | WARNING | React useEffect with no deps array |
HIGH · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
SKILL.md lines 12–16:
    12 | This project uses standard **pyenv + pip + venv** — no remote install scripts required.
    13 |
    14 | **Install pyenv (no `curl | sh`):**
       |   ← curl | shell — common in destructive or supply-chain attacks
    15 |
    16 | ```bash
HIGH · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
SKILL.md lines 166–170:
    166 | > **Security warning:** The workflow file you are about to commit runs with your
    167 | > repository's permissions and can access secrets. Read every line of the file before
    168 | > committing. Do not use `curl … | sh` or copy files from a branch tip (`main`) without
        |   ← curl | shell — common in destructive or supply-chain attacks
    169 | > pinning to a reviewed commit.
    170 |
MED · No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
Rule: no-manifest

Report: skillox.io/r/crawl-v8mbzlrc2woyyk19uac8etkz