GitHub Issues Manager

This skill has useful functionality but contains several inconsistencies you should resolve before use. Things to check before installing or running it with a real GH_TOKEN: (1) Confirm which binaries are actually required: SKILL.md uses curl/git/jq but the registry also requires gh even though the doc says it doesn't use gh. Ensure jq is available or the instructions are updated. (2) Inspect ~/.openclaw/openclaw.json and /data/.clawdbot/openclaw.json (if they exist) to see whether a stored apiKey would be used — the skill will try to read and export tokens from those files, which may expose tokens you did not intend to share. (3) Restrict the GH_TOKEN scope: only grant the minimum required permissions (e.g., repo contents and pull request scopes) and avoid giving broad org/admin rights. (4) Clarify how the skill will authenticate git pushes and PR creation (will it use HTTPS remotes with tokens, gh CLI, or another mechanism?). (5) If you don't want automatic code changes, run with --dry-run first and do not grant the skill unattended/autonomous runs; avoid using watch/cron modes until comfortable. (6) Ask the publisher for a complete and consistent SKILL.md (the provided file was truncated and inconsistent) and for explicit details about where state is stored, how sub-agents are spawned, and what external notifications (e.g., Telegram) require. If you cannot get satisfactory answers, treat this skill as untrusted for repos containing sensitive or production code.