GitHub Issue Resolver
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its GitHub issue-fixing purpose, but an included PR helper can use your GitHub login to push/create PRs and has unsafe shell command handling.
Use this only on repositories you control and trust. Before installing, verify the GitHub account logged into gh, require explicit approval before any push or PR, and consider fixing or avoiding scripts/create_pr.py until its shell command construction and approval handling are corrected.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed issue title, branch name, or file path could cause local commands to run as the user when the PR helper is used.
branch_name, title, and body_file come from sys.argv and are interpolated into shell commands executed with shell=True, so crafted input could execute unintended local shell commands.
Evidence: result = subprocess.run(cmd, shell=True, capture_output=True, text=True) ... run_cmd(f"git checkout -b {branch_name}") ... cmd = f'gh pr create --title "{title}" --body-file "{body_file}"'
Recommendation: Change subprocess calls to shell=False with argument arrays, validate branch/file inputs, and never pass untrusted issue text directly into shell command strings.
If invoked by the agent, it could push a branch and create a non-draft PR using the user's GitHub access without the explicit approval flow promised in the skill instructions.
The helper directly performs remote push and PR creation instead of routing through the sandbox/guardrail approval gates; the shown PR command also lacks --draft.
Evidence: run_cmd(f"git push -u origin {branch_name}") ... cmd = f'gh pr create --title "{title}" --body-file "{body_file}"'
Recommendation: Route PR creation through the guarded sandbox, require an explicit user confirmation at execution time, validate the target repo/branch, and include --draft by default.
Pushes and PRs will be attributed to whichever GitHub account is logged into gh, and that account's repository permissions determine what the skill can change.
The skill relies on the locally authenticated GitHub CLI account for its GitHub operations.
Evidence: print("Requires: gh CLI installed and authenticated.") ... run_cmd("gh auth status", check=True)
Recommendation: Before use, run gh auth status, confirm the account and token scopes, and only use the skill on repositories where you intend that account to act.
Users may not realize before installation that the skill depends on local GitHub CLI setup and can operate through an authenticated GitHub identity.
The registry metadata under-declares the runtime environment compared with the included scripts, which require local GitHub tooling and authentication.
Evidence: Required binaries (all must exist): none ... Primary credential: none ... No install spec — this is an instruction-only skill.
Recommendation: Declare required tools such as git/gh and the expected GitHub authentication requirement in metadata or setup instructions.
Local audit files may contain snippets of private or proprietary code changes after the skill runs.
The audit logger persists diff contents and action history under a local audit directory.
Evidence: diff_file = os.path.join(self._today_dir, "diffs", f"issue-{issue_number}-{safe_filename}.patch") ... f.write(diff_content)
Recommendation: Review and clean the audit directory when needed, and avoid using the skill on highly sensitive repositories unless this local logging is acceptable.
