GitHub Bug Report

Name: github-bug-report
Author: markma84

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill hardcodes a GitHub

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

GitHub Bug Report: 向 OpenClaw 官方仓库提交 bug report 的标准化流程。

Actually does

The skill executes a Python script (`scripts/submit_issue.py`) to submit issues, runs `curl` commands to search GitHub issues, and suggests creating cron jobs for follow-up. It interacts with the GitHub API for the `openclaw/openclaw` repository, using both an environment variable `$GITHUB_TOKEN` and a hardcoded Personal Access Token `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` for authentication.

Threat Analysis

AI Agent Traps ↗Scanned 4/17/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction7 findings

SystemicMulti-Agent Dynamics2 findings

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemarkma84/github-bug-report

Registryclawhub

Version1.0.2

PURLpkg:clawhub/markma84/github-bug-report@1.0.2

Downloads49

Source

Repository ↗

SHA-256e53004b89cc8...

SHA-151d71e482705...

MD5f689f6cfa65d...

TLSHe65196fddd34...

Size2,738 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/markma84/github-bug-report

49 downloads

ClawHubDocs

openclaw skills install markma84/github-bug-report

Assessments (2)

AI Agent Traps ↗

Access to sensitive environment variables detectedcriticalcredential theft

Access to sensitive environment variables detected

100% confidenceline 79

$GITHUB_TOKEN

Hardcoded GitHub Personal Access Tokencriticalhardcoded secrets

A GitHub Personal Access Token (PAT) is directly embedded within the skill content, posing a severe risk of unauthorized access to GitHub resources if the skill content is compromised or exposed.

100% confidenceline 94

ghp_F51nSHBKkhWhTfRIKVBJIHmloRSJvi24KFXv

Command Execution via Python Scriptmediumcommand execution

The skill executes a local Python script (`scripts/submit_issue.py`), which could lead to arbitrary code execution if the script is compromised or if user-controlled input is unsafely passed as arguments.

100% confidenceline 53

python3 scripts/submit_issue.py --title "[v1.x.x] Bug标题" --body "内容"

Command Execution via Curl with GitHub APImediumcommand execution

The skill uses `curl` to make external API calls to GitHub, which could be exploited for data exfiltration or unauthorized actions if the command or its parameters are manipulated.

100% confidenceline 55

curl -s "https://api.github.com/search/issues?q=checkpoint+orphan+repo:openclaw/openclaw" -H "Authorization: token $GITHUB_TOKEN"

Cron Job Persistence Mechanismlowpersistence

The skill includes a template for creating cron jobs to schedule future agent actions, which could be abused for persistence or resource exhaustion if not properly controlled.

100% confidenceline 63

{"name": "Bug跟进-#<issue号>", "schedule": { "kind": "cron", "expr": "0 10 * * *", "tz": "Asia/Shanghai" }, ...}

Hardcoded GitHub Personal Access Tokencriticalhardcoded secrets

A GitHub Personal Access Token (PAT) is hardcoded directly in the skill content. This token can be used to authenticate to the GitHub API and may allow unauthorized access to repositories, issue creation, modification, or deletion, and potentially access to private repositories depending on the token's scope.

99% confidenceline 94

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

Credential Exposed in Authorization Header Examplecriticalcredential harvesting

The hardcoded GitHub token is also embedded in an Authorization header template, making it immediately usable for API calls by any agent or user reading this skill. This doubles the exposure risk as it is presented as a ready-to-use credential.

99% confidenceline 98

Authorization: token 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

Autonomous Cron-Based Agent Spawninghighsub agent spawning

The skill instructs the agent to create a recurring cron job that autonomously spawns an agent turn to monitor and interact with GitHub issues without user confirmation. This is a pattern of unbounded autonomous action that bypasses human oversight, and the 'isolated' session target further reduces visibility.

92% confidenceline 68

"payload": {
  "kind": "agentTurn",
  "message": "检查 GitHub issue #<issue号> 是否有官方回复，如果没有，去 bump 一下（留言：Any update?）"
},
"sessionTarget": "isolated"

Recurring Cron Autonomy Abuse Patternmediumautonomy abuse

The skill establishes a daily recurring cron schedule ('0 10 * * *') that triggers agent actions indefinitely. There is no defined termination condition or confirmation step, representing unbounded autonomous execution and potential resource/API quota abuse.

85% confidenceline 63

"schedule": { "kind": "cron", "expr": "0 10 * * *", "tz": "Asia/Shanghai" }

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/markma84/github-bug-report.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/markma84/github-bug-report)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/markma84/github-bug-report"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/markma84/github-bug-report.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/markma84/github-bug-report.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow