Security Scan
OpenClaw
Suspicious
high confidence
Assessment Recommendations
This skill appears to be a legitimate PR workflow, but the published metadata fails to declare that it needs the GitHub CLI and a GH_TOKEN. Before installing or running it: (1) verify you or the agent will only provide a least-privilege GitHub token (restrict scopes to what's necessary, e.g., repo: statuses if possible), (2) prefer running the gh/git commands yourself in a local clone rather than handing your token to an automated agent, (3) confirm the agent will not exfiltrate tokens or run co...
ℹ Purpose and Capabilities
The skill's stated purpose (create and manage GitHub PRs) legitimately requires Git and the GitHub CLI plus a GitHub token; the instructions reflect that. However, the registry metadata lists no required binaries or environment variables, which is inconsistent with the actual runtime needs.
⚠ Instruction Scope
SKILL.md instructs the agent/user to run git and gh commands, push branches, create PR bodies in /tmp/pr_body.md, and to obtain/set a GH_TOKEN and GitHub username. Those instructions are within the PR-management purpose, but they reference an environment secret (GH_TOKEN) and local repo operations even though those were not declared in the skill manifest — a scope mismatch that could be surprising to users or to automated policy checks.
✓ Installation Mechanism
This is an instruction-only skill with no install spec and no code files. That reduces risk from hidden downloads or installs; nothing is written to disk by the skill package itself.
⚠ Credential Requirements
Although the runtime requires a GitHub personal access token and a username, the skill did not declare any required environment variables or a primary credential. A GH token grants access to repositories and (depending on scopes) can modify code — requesting or using such a token should be declared explicitly and scoped minimally.
✓ Persistence and Permissions
The skill does not request always: true, does not install persistent components, and is user-invocable. Agent autonomous invocation is allowed by default (disable-model-invocation=false) but that is expected platform behavior and not, by itself, an additional red flag here.
Security is layered; review the code before running it.
Runtime Dependencies
No special dependencies
Version
latest: v1.0.0 (2026/3/24)
● Harmless
Install Command
Official: npx clawhub@latest install pr-pilot
Mirror (accelerated): npx clawhub@latest install pr-pilot --registry https://cn.longxiaskill.com