GitHub PR Manager

Pass. Audited by ClawScan on May 10, 2026.

Overview

This skill coherently manages GitHub pull requests, but it uses your authenticated GitHub CLI and includes commands that can create, review, merge, label, or force-push PR-related changes.

Use this skill only in repositories where you intend the agent to help manage PRs. Before any approve, request-changes, merge, auto-merge, label setup, or force-with-lease push, confirm the GitHub account, repository, PR number, branch, and CI status. Review auto-generated PR bodies because they may publish commit messages to GitHub.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on the wrong repository, PR, or branch, the agent could approve or merge code, change labels, or push conflict-resolution changes that affect collaborators.

Why it was flagged

These documented commands can change repository state, publish reviews, merge code, enable auto-merge, or rewrite/update branches. They are aligned with PR management, but they are high-impact operations.

Skill content

gh pr review <number> --approve --body "LGTM"
...
gh pr merge <number> --squash
gh pr merge <number> --auto
...
git push --force-with-lease

Recommendation

Require explicit user confirmation for approvals, merges, auto-merge, label setup, and any force-with-lease push; verify the repo, PR number, branch, and CI status first.

What this means

The skill can act as the currently authenticated GitHub user, including creating PRs and performing review or merge actions where that account has permission.

Why it was flagged

The skill relies on the user's existing authenticated GitHub CLI session, so actions run with that account's repository permissions.

Skill content

`gh` CLI installed and authenticated (`gh auth status`)

Recommendation

Use a GitHub account/token with the minimum repository permissions needed, and confirm the active gh account before running mutating commands.

What this means

Users may not realize before installation that the skill depends on local command-line tools and an authenticated GitHub session.

Why it was flagged

The metadata under-declares runtime expectations: the SKILL.md requires authenticated gh CLI access, and the included scripts also depend on gh, git, python3, and bash.

Skill content

Required binaries (all must exist): none ... Primary credential: none

Recommendation

Declare gh/git/python3/bash and GitHub authentication in metadata; users should verify the included scripts before use.