read-github

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script scripts/gitmcp.py uses npx -y mcp-remote to download and execute the mcp-remote package from the npm registry at runtime. This bypasses static dependency pinning and introduces risk if the registry or the package is compromised.
  • COMMAND_EXECUTION (MEDIUM): The skill uses subprocess.Popen to execute system commands. Although arguments are passed as a list, the script does not strictly whitelist the MCP server URL, so it can connect to any remote server supplied as input.
  • REMOTE_CODE_EXECUTION (MEDIUM): Using npx to execute a package that interacts with remote endpoints lets the agent run tools defined by potentially untrusted remote MCP servers.
  • PROMPT_INJECTION (LOW): The skill ingests data from GitHub repositories and external URLs without sanitization or boundary markers.
  • Ingestion points: the fetch-docs, search-docs, search-code, and fetch-url methods in scripts/gitmcp.py.
  • Boundary markers: Absent. The script prints raw content from the MCP server directly into the agent context.
  • Capability inventory: The skill can execute local commands via subprocess and perform network operations via the mcp-remote bridge.
  • Sanitization: Absent. Content from external repositories is processed without filtering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 02:08 PM