Is github safe?
https://clawhub.ai/skill/github
This is a clean, documentation-only skill that provides gh CLI usage examples for GitHub operations. It contains no executable code, no install scripts, no hidden instructions, and no data exfiltration vectors. All monitoring signals (canary files, network activity, process execution, filesystem events) are clean with no anomalies attributable to the skill.
Category Scores
Findings (4)
INFO Minimal documentation-only skill -5
The SKILL.md contains only gh CLI usage documentation with bash code block examples. No behavioral instructions, no system prompt overrides, no hidden content. The frontmatter description accurately matches the content.
LOW gh api provides broad GitHub access -10
The skill documents gh api usage, which gives the agent direct REST API access to GitHub. While this is standard gh CLI functionality, an agent following these patterns could access any GitHub resource that the authenticated user has permissions for. This is inherent to the tool, not a vulnerability in the skill.
INFO Single external HTTPS connection during install -5
A single HTTPS connection to 216.150.1.1:443 was observed during installation, consistent with the ClawHub registry fetching the skill package. No other unexpected network activity was detected.
INFO Lock file references unrelated skill -5
The .clawhub/lock.json references an 'academic-research-hub' skill that was previously installed but is not part of this skill. This is a benign artifact of the shared lock file format and does not indicate any exfiltration or dependency chain risk.