Fork Manager
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill matches its fork-management purpose, but it can use git/GitHub access, spawn worker agents, and automatically update or push branches when configured.
Install only if you are comfortable with an agent using git and GitHub CLI to change branches in configured repositories. Start with manual/status runs, verify your repo config and GitHub account, keep auto-resolve and cron mode off until tested, and protect production branches with normal GitHub safeguards.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A configured cron/full-sync run could update or push branches automatically, which may affect CI, collaborators, or deployments tied to those branches.
The skill can run git/gh workflows that rebase and push branches without interactive prompts when intentionally used in cron mode. This is expected for automated fork syncing, but it can change remote repository state.
Cron Mode ... Skip interactive prompts ... Rebases: attempt automatically ... If rebasing 20+ PRs, batch push at the end instead of per-branch
Use this only on repositories and branches where automated rebasing/pushing is acceptable; consider branch protection, backups, and manual review for production branches.
Repository operations may continue in a worker session rather than directly in the main chat, reducing immediate visibility into every command.
The skill instructs the main agent to spawn a worker subagent, monitor it, kill/restart it if stalled, and retry up to two times. This is disclosed and bounded, but it gives the workflow more autonomous execution behavior.
A skill NUNCA deve ser executada inline pelo agente principal. Sempre usar o padrão orchestrator/worker ... sessions_spawn ... Máximo de 2 retries
Monitor spawned sessions, review their history/output, and avoid using cron or auto-retry modes on sensitive repositories unless you are comfortable with unattended execution.
The skill may act with the permissions of whichever GitHub account and git remotes are configured locally.
Git and GitHub CLI commonly use the user's existing local GitHub login, SSH keys, or git credentials for API access and pushes. That access is expected for this skill's purpose.
Requires Git and GitHub CLI (gh).
Before running, verify `gh auth status`, repository remotes, and branch targets so the skill uses the intended account and fork.
Local configuration and history could reveal repository paths, workflow details, and maintained patch information if accidentally shared or committed.
The skill keeps persistent per-repository state such as local paths, PR lists, and sync history. This is purpose-aligned but should be treated as local private context.
config.json files are not versioned in Git ... Contains environment-specific information (local paths, PR lists, sync history)
Keep `repos/*/config.json`, checkpoints, and history files out of public repositories and review them before sharing the skill directory.