gh-modify-pr
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make lasting local code changes and create a commit; remote changes should only happen if you approve a push.
The skill instructs the agent to modify tracked code and create a local commit, with remote push gated on user approval. This is expected for the stated purpose, but users should notice that it can change their working tree and repository history.
`git add <files>` - `git commit -m "<clear message>"` 11. Push only if user asks/approves: - `git push`
Review the diff and commit before approving any push, especially on shared or protected branches.
The skill can access repositories and PR comments available to your configured GitHub credentials.
The workflow relies on the user's GitHub CLI and SSH/git authentication to read PR data and clone repositories. This is purpose-aligned, but it uses the user's existing account privileges.
`gh api repos/<owner>/<repo>/pulls/<number>/comments` ... `git clone git@github.com:<owner>/<repo>.git`
Use it only with a GitHub account and SSH credentials that have the repository access you intend, and avoid running it in repositories where the agent should not make edits.