Skills
skills/steipete/clawdis/openclaw-ghsa-maintainer/Gen Agent Trust Hub

openclaw-ghsa-maintainer

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements safety protocols by requiring the agent to read SECURITY.md and obtain explicit user permission before performing any publishing actions.
  • [SAFE]: Network operations are restricted to trusted and well-known services (GitHub API and npm registry) for legitimate maintenance purposes.
  • [SAFE]: The use of jq for constructing JSON payloads is a security best practice that prevents shell injection and ensures the integrity of the data sent to the GitHub API.
  • [SAFE]: Sensitive data handling is improved by using mktemp for temporary files and a clean --userconfig for npm commands, ensuring that the agent does not inadvertently expose or rely on local configuration files.
  • [SAFE]: The workflow includes verification steps after execution to confirm the state of the advisory and the correctness of the published content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 04:50 AM