GH Monitor

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may read issue, PR, and CI information from repositories your GitHub account can access.

Why it was flagged

The skill is designed to use GitHub CLI authentication and repository access. This is expected for GitHub monitoring, but it means the agent may operate with whatever GitHub permissions are available through the user's gh CLI session.

Skill content

Setup: gh auth status; gh repo view owner/repo

Recommendation

Use an appropriately scoped GitHub account or token, specify exact repositories when possible, and avoid monitoring private repos unless intended.

What this means

If configured, the monitor may run daily and continue sending reminders or alerts.

Why it was flagged

The skill documents a recurring scheduled check. This persistence is disclosed and aligned with monitoring, but it can continue generating agent activity and notifications until removed.

Skill content

Daily cron: cron add schedule.cron expr="0 9 * * *" payload.systemEvent "Check GH: new issues/PRs"

Recommendation

Create schedules only when desired, keep the repo and alert scope explicit, and remove the cron entry when monitoring is no longer needed.

What this means

Issue, PR, or CI details could be shared through a message or chat destination.

Why it was flagged

The skill may send repository activity into messages or chat-formatted alerts. That is part of the stated notification purpose, but users should ensure private repo details are not sent to unintended channels.

Skill content

Alert: message urgent PRs/unmerged.

assets/alert-template.md: Slack/Discord format.

Recommendation

Confirm the recipient or channel before sending alerts, and limit alert contents for private or sensitive repositories.

What this means

If you later add or run those referenced helpers, their behavior is not covered by the provided artifacts.

Why it was flagged

SKILL.md references another skill and helper files that are not present in the provided file manifest. There is no instruction to auto-run missing code, so this is a provenance note rather than a concrete unsafe behavior.

Skill content

Read refs/gh-commands.md + gh-issues/SKILL.md.

## Scripts
scripts/check-repo.py: Poll + notify.

assets/alert-template.md: Slack/Discord format.

Recommendation

Review any external gh-issues skill, scripts, or alert templates separately before relying on or executing them.