GitHub Issue Resolver

v1.0.0

Autonomous GitHub Issue Resolver Agent with guardrails. Use when the user wants to discover, analyze, and fix open issues in GitHub repositories. Triggers on...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill claims to discover, analyze, and fix GitHub issues and the provided scripts implement fetching, analysis, sandboxed command execution, guardrail checks, audit logging, and PR creation. No unrelated credentials or network hosts are requested; the pieces (recommend, fetch, analyze, sandbox, create_pr, guardrails, audit) align with the stated purpose.
Instruction Scope
SKILL.md confines actions to repository discovery, cloning, code edits, testing, and PR creation and enforces user approval for destructive actions. Runtime instructions reference only the provided scripts and standard developer tools; the agent will read/write repository files, call the GitHub API (via scripts), and run git, gh, and tests as documented. The guardrails explicitly forbid editing secrets, protected branches, and certain paths.
Install Mechanism
No install spec is provided (instruction-only plus included scripts), so nothing is downloaded or installed by the registry. The code runs with system binaries (git, gh, python, npm, pytest, etc.) that must already be present — consistent with the skill's purpose.
Credentials
The skill declares no required environment variables or credentials. It relies on the local environment's git/gh authentication if pushing/creating PRs (create_pr.py checks gh auth). That is proportionate to a tool that pushes code and creates PRs — no unrelated secrets are requested. Be aware that audit logs and state files will be written to disk and may include contextual data (filenames, diffs).
Persistence & Privilege
always:false (normal) and model invocation is enabled (normal). The skill persists state and audit logs under the skill/repo directory (writes .guardrails-state.json and audit/ session files). This is expected for an audit/logging feature but means local disk will be written to; review retention settings and where logs are stored before use.
Assessment
This skill appears internally consistent with its purpose, but take these precautions before installing or running it:
- Review and test on a non-production repository first. The agent will clone repos, run shell commands, and can push or create PRs if you approve.
- Ensure you understand and control local git/gh authentication: create_pr.py uses the GitHub CLI and will push using your configured credentials if you approve a push. If you don't want pushes, do not approve git_push/create_pr gates.
- Logs and state are written to the skill directory (audit/ and .guardrails-state.json). These may include diffs and contextual data; check retention and remove any sensitive artifacts.
- The scripts execute shell commands via subprocess with shell=True; the guardrails attempt to sanitize and block dangerous commands, but avoid passing untrusted inputs to the skill and examine the guardrails config if you plan to run on sensitive projects.
- If you require stricter control, populate guardrails.json allowlists (repos) and review command allow/block lists before use.

If you want, I can:
1) point out any exact lines in the scripts that would run commands that need your auth,
2) search for any network endpoints beyond api.github.com, or
3) summarize the guardrail rules that would block modification of sensitive files.

Like a lobster shell, security has layers — review code before you run it.
