openclaw-github-repo-commander

SUSPICIOUS. The stated purpose broadly matches repo audit/cleanup work, but the footprint includes external-content ingestion and possible GitHub push actions without the actual skill instructions or audit script needed to verify safeguards. No clear credential harvesting or malicious data routing is shown, but missing implementation details and the combination of untrusted GitHub content plus write/push capability make this medium risk rather than benign.