gh-modify-pr

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill is coherent and purpose-aligned, but it will use your GitHub CLI/git access to read PR comments, edit code, and create a local commit.

Before installing, understand that this skill can use your existing GitHub access to fetch PR review comments, edit local files, and create a git commit. Its instructions are scoped and it says not to push unless you ask or approve, but you should still review the resulting diff and commit before sharing changes remotely.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may make lasting local code changes and create a commit; remote changes should only happen if you approve a push.

Why it was flagged

The skill instructs the agent to modify tracked code and create a local commit, with remote push gated on user approval. This is expected for the stated purpose, but users should notice that it can change their working tree and repository history.

Skill content

   - `git add <files>`
   - `git commit -m "<clear message>"`
11. Push only if user asks/approves:
   - `git push`

Recommendation

Review the diff and commit before approving any push, especially on shared or protected branches.

What this means

The skill can access repositories and PR comments available to your configured GitHub credentials.

Why it was flagged

The workflow relies on the user's GitHub CLI and SSH/git authentication to read PR data and clone repositories. This is purpose-aligned, but it uses the user's existing account privileges.

Skill content

`gh api repos/<owner>/<repo>/pulls/<number>/comments`
...
`git clone git@github.com:<owner>/<repo>.git`

Recommendation

Use it only with a GitHub account and SSH credentials that have the repository access you intend, and avoid running it in repositories where the agent should not make edits.