Code Plugin · source linked

Gh Openclaw Plugin v1.0.0

GitHub Issue collaboration and trigger plugin for OpenClaw.

gh-openclaw-plugin·runtime github-collab·by @cyber-bye
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:gh-openclaw-plugin
Latest release: v1.0.0

Capabilities

configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
github-collab

Compatibility

Built With Open Claw Version
2026.3.24-beta.2
Min Gateway Version
2026.3.24-beta.2
Plugin Api Range
>=2026.3.24-beta.2
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The stated purpose is GitHub issue collaboration, and the core behavior matches that purpose: webhook intake, issue assignment triggers, comments, status tracking, and GitHub replies. The concern is that it automatically modifies issue bodies and posts comments through GitHub App credentials, which is high-impact repository authority.
Instruction Scope
GitHub issue bodies and comments from external users are forwarded into the agent conversation with imperative framing and without clear untrusted-data separation. That creates a realistic prompt-injection path for anyone who can create or comment on issues in connected repositories.
Install Mechanism
The package uses a normal OpenClaw plugin entry point and a small dependency set, with no install script or hidden setup routine observed. Its configuration requires a GitHub App private key, a webhook secret, the app ID, and the bot username.
Credentials
Network calls to GitHub and local status storage are expected, but the plugin lacks visible repository allowlisting, a read-only mode, approval gates, or dry-run controls for authenticated GitHub writes. The admin dashboard also renders issue-derived fields into HTML without escaping, so an issue title or status field can carry stored cross-site scripting (XSS) that executes in a gateway admin's browser.
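The dashboard rendering issue above, as an added example that is not code from gh-openclaw-plugin: `renderRowUnsafe` shows the pattern the finding describes (issue fields interpolated straight into HTML), and `renderRow` is the hardened form that escapes every interpolated value. The row layout, the field names and the constructed hostile issue are assumptions for illustration.

```javascript
// Added example, not from gh-openclaw-plugin. Demonstrates why issue-derived
// fields must be escaped before they are placed in dashboard HTML.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape for HTML element content and double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the issue title and status land in the page verbatim.
function renderRowUnsafe(issue) {
  return `<tr><td>${issue.number}</td><td>${issue.title}</td><td>${issue.status}</td></tr>`;
}

// Hardened: every field that an issue author can influence is escaped.
// The number is escaped too; it costs nothing and removes a judgement call.
function renderRow(issue) {
  return `<tr><td>${escapeHtml(issue.number)}</td>` +
         `<td>${escapeHtml(issue.title)}</td>` +
         `<td>${escapeHtml(issue.status)}</td></tr>`;
}

// Constructed issue whose title carries a stored-XSS payload, the kind anyone
// able to open an issue in a connected repository could submit.
const hostileIssue = {
  number: 42,
  title: '<img src=x onerror="fetch(`/admin/export?all=1`)">',
  status: "in-progress",
};

// Test helper: true if the rendered row contains any tag other than the
// <tr>/<td> cells written by the template itself.
function containsForeignTag(html) {
  return /<(?!\/?t[rd]\b)[a-z]/i.test(html);
}
```

`containsForeignTag` is the kind of assertion worth keeping in a dashboard's test suite: run every template over a corpus of hostile field values and fail the build if any tag that the template did not write itself survives rendering.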
Persistence & Privilege
It persists active issue metadata to active_issues.json, caches installation tokens in memory, uses the configured private key to mint GitHub installation tokens, posts comments, and patches issue bodies. These are purpose-aligned but privileged and under-scoped.
Scan Findings in Context
[SQP-2] expected: Forwarding issue content to an agent is expected for this plugin, but the artifacts do not show user-facing controls or deployment safeguards for limiting which repositories or commenters can drive the agent.
[SQP-2] expected: Updating GitHub issue bodies for a progress tracker is related to the collaboration purpose, but it happens automatically through authenticated PATCH requests without an approval or read-only mode.
[SSD-1] unexpected: The artifact-backed concern is valid: issue bodies and comments are attacker-controlled collaboration text, yet they are passed to the agent as conversational work instructions rather than clearly delimited untrusted data.
What to consider before installing
Install only if you are comfortable giving this plugin GitHub App authority to read issue content, post comments, and edit issue bodies in installed repositories. Use a tightly scoped GitHub App, restrict installation to specific repositories, disclose AI processing to repository users, and avoid connecting it to agents that can access secrets or perform sensitive actions without human approval.
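The second SQP-2 item and the advice above both come down to putting a gate in front of the plugin's authenticated writes. The following is an added example of such a gate; it is not code from gh-openclaw-plugin, whose real write path is not shown on this page. It wraps a caller-supplied `request(method, path, body)` function so it runs offline; the mode names, the option shape, the `GuardedWriter`/`scenario` names and the synchronous transport are assumptions (a real transport and approval hook would be asynchronous).

```javascript
// Added example, not from gh-openclaw-plugin: a repository allowlist, read-only
// and dry-run modes, and a per-write approval hook in front of GitHub writes.

class GuardedWriter {
  constructor({ request, mode = "read-only", allowedRepos = [], approve = () => false }) {
    this.request = request;
    this.mode = mode;               // "read-only" | "dry-run" | "approval" | "live"
    this.allowedRepos = new Set(allowedRepos);
    this.approve = approve;         // called with the audit entry; true permits the write
    this.log = [];                  // every attempted write, for audit
  }

  write(method, repo, path, body, summary) {
    const entry = { method, repo, path, summary, outcome: null };
    this.log.push(entry);
    if (!this.allowedRepos.has(repo)) {
      entry.outcome = "blocked:repo";
      throw new Error(`write to ${repo} is not permitted`);
    }
    if (this.mode === "read-only") {
      entry.outcome = "blocked:read-only";
      throw new Error("writer is in read-only mode");
    }
    if (this.mode === "dry-run") {
      entry.outcome = "dry-run";
      return { dryRun: true, wouldSend: { method, path, body } };
    }
    if (this.mode === "approval" && !this.approve(entry)) {
      entry.outcome = "denied";
      return { denied: true };
    }
    entry.outcome = "sent";
    return this.request(method, `/repos/${repo}${path}`, body);
  }

  // The two write operations the scan flags: commenting and patching the issue body.
  comment(repo, issue, text) {
    return this.write("POST", repo, `/issues/${issue}/comments`, { body: text }, `comment on #${issue}`);
  }
  patchBody(repo, issue, newBody) {
    return this.write("PATCH", repo, `/issues/${issue}`, { body: newBody }, `rewrite body of #${issue}`);
  }
}

// Constructed fake transport recording what would have gone to the GitHub API.
function fakeTransport() {
  const sent = [];
  const request = (method, path, body) => { sent.push({ method, path, body }); return { ok: true }; };
  return { request, sent };
}

// Run the same three writes under a given mode: a comment and a body rewrite on
// an allowlisted repo, then a comment on a repo outside the allowlist.
function scenario(mode, approve) {
  const t = fakeTransport();
  const w = new GuardedWriter({ request: t.request, mode, allowedRepos: ["example-org/tracker"], approve });
  const attempt = (fn) => { try { return fn(); } catch (e) { return { error: e.message }; } };
  const results = {
    comment: attempt(() => w.comment("example-org/tracker", 7, "Working on it.")),
    patch: attempt(() => w.patchBody("example-org/tracker", 7, "## Progress\n- [x] triage")),
    foreign: attempt(() => w.comment("other-org/repo", 1, "hello")),
  };
  return { results, sent: t.sent, outcomes: w.log.map((e) => e.outcome) };
}
```

A sensible rollout is to run in `dry-run` first and read the audit log, then move to `approval` with a hook that auto-approves comments but requires a human for `PATCH` of the issue body, which is the irreversible operation. The allowlist check runs before any mode check so that a mis-set mode never widens the set of repositories the plugin can touch.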

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Commit
41d89f7bc717
Tag
41d89f7bc717861aeb1cc5d308fcbf1d55b8b96c
Provenance
No
Scan status
suspicious

Tags

latest
1.0.0