by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent: it proxies GitHub API calls through Maton and only needs the MATON_API_KEY. Before installing, confirm you trust maton.ai because OAuth tokens and proxied API traffic will pass through their service; consider using a Maton key with limited scope or a dedicated Maton account. Verify the publisher/source if you require provenance (homepage/source are missing). Also be aware the agent can call the skill autonomously by default; if you want to restrict automated access, disab...详细分析 ▾
✓ 用途与能力
Name/description claim GitHub API access; SKILL.md documents using a Maton-managed gateway and explicitly requires MATON_API_KEY. The requested environment variable and the endpoints in the instructions (gateway.maton.ai, ctrl.maton.ai) are consistent with a gateway-based GitHub integration. The repository/source/homepage are missing, but that is a metadata gap rather than an incoherent requirement.
✓ 指令范围
Instructions only perform HTTP calls to Maton gateway/controller endpoints and show how to create/list/delete OAuth connections and call proxied GitHub endpoints. They do not instruct reading unrelated files, scanning local paths, or accessing other environment variables beyond MATON_API_KEY. They do require network access and user interaction (open OAuth URL) to complete authorization.
✓ 安装机制
No install spec and no code files — the skill is instruction-only. This minimizes disk write/execute risk; nothing is downloaded or installed by the skill itself.
✓ 凭证需求
Only a single env var (MATON_API_KEY) is required and the SKILL.md shows it is used in Authorization headers to maton.ai endpoints. This is proportionate for a gateway-based integration. Note: maton.ai will hold or mediate OAuth tokens, so trusting that third party is necessary.
✓ 持久化与权限
always is false and there is no installation or persistent modification of agent/system state in the instructions. The skill can be invoked autonomously (platform default), which is normal — no elevated or unusual privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.32026/2/6
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install github-api
镜像加速npx clawhub@latest install github-api --registry https://cn.longxiaskill.com