GitHub PR Manager
Warn. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate GitHub PR automation skill, but it can keep running, use a broad GitHub token, and change or comment on PRs automatically.
Use this only with a dedicated, least-privilege GitHub token scoped to the target repository. Do not let it force-push, post comments, close issues, delete branches, or make code changes without explicit approval. If you enable scheduled tracking, set an expiry and remove the cron task and tracking files when the PR is done.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change code history, update a PR branch, and post public GitHub comments without a clear per-action confirmation step.
The skill instructs the agent to mutate commits, force-push branches, and reply to reviewers as part of automatic PR handling.
Automatic fix for DCO failure: git commit --amend --signoff --no-edit; git push --force-with-lease origin <branch> ... commit the fix and reply to the reviewer
Require explicit user approval before force-pushes, commits, public comments, issue actions, branch deletion, or closing/merging-related actions; limit automation to read-only monitoring unless approved.
A broad token could allow the agent to access or modify more GitHub resources than the single PR the user intended.
The requested GitHub token scopes can grant broad repository and workflow authority, and the artifacts do not bound the token to a specific repository or PR.
echo "<token>" | gh auth login --with-token ... requires a GitHub Personal Access Token with the following permissions: repo, workflow, read:org
Use a fine-grained GitHub token scoped only to the exact repository and permissions needed; avoid classic broad PATs where possible and revoke the token after use.
The agent may continue checking and acting on GitHub after the immediate task is over.
The skill sets up ongoing scheduled monitoring and allows autonomous follow-up actions until the PR is merged, without a clear stop condition or cleanup instruction.
Create memory/pr-tracking.md to record the initial state; set up a scheduled cron check (default: every 2 hours) ... Agent (continuous tracking): check the PR status every 2 hours ... automatically handle whatever problems it is able to
Add an explicit user opt-in for cron setup, a visible disable/cleanup command, an expiry time, and approval requirements for any mutating action performed by the scheduled task.
PR details, user feedback, or reviewer content could persist and influence future behavior if not reviewed.
The skill maintains persistent learning records and may update future instructions from prior task history.
Each time a PR management task is executed, record: problems encountered and their solutions; user feedback and suggestions; areas that could be improved; how new scenarios were handled ... Periodically (monthly or quarterly) review and update SKILL.md
Avoid storing secrets or sensitive repository details in tracking files, and require user review before using learned records to update the skill.
Users have less external provenance to rely on and must judge the instructions themselves before granting GitHub access.
There is limited provenance for the skill, and its operational behavior depends on user/agent execution of documented GitHub CLI workflows rather than reviewed package code.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the instructions carefully, verify the skill source if possible, and only install/use the official GitHub CLI from trusted channels.
