PR + Commit Workflow

Pass

Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: pr-commit-workflow
Version: 1.0.0

The skill is classified as suspicious because it executes a shell script (`scripts/build_pr_body.sh`) that reads a range of environment variables and system information, and because `references/workflow-commit.md` instructs the agent to run an arbitrary local 'committer script' if one is present in the repository. These actions are plausibly aligned with the stated purpose (collecting environment metadata for auditability and adapting to repo-specific tooling), but they are high-risk capabilities (shell execution, reading environment variables, executing external scripts) with no clear malicious intent, which warrants a 'suspicious' classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private prompts, secrets, internal context, or sensitive project details could be exposed in a PR, including in public repositories.

Why it was flagged

The skill directs the agent to retrieve local/persistent prompt history and publish it in the PR body. The scope of what history is included is not tightly bounded, and redaction is left to the agent's judgement.

Skill content

Prefer agent history search tools (`cm`/`cass`, Codex logs, etc.) ... Include the full prompt history verbatim; do not omit prompts. If a prompt contains sensitive info, redact only the sensitive portion

Recommendation

Limit prompt history to the current task, require explicit user review before publishing, redact aggressively, and consider using summaries instead of verbatim prompts.
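One way to implement those recommendations in the body-building step itself, as an added example that is not the skill's own `scripts/build_pr_body.sh` (which this review did not execute). Everything below is assumed for illustration: the history format (one prompt per line, prefixed `task=<id> `), the task id, the `REVIEWED=yes` convention for explicit user review, and the redaction patterns, which are a starting point rather than an exhaustive secret detector.

```shell
#!/bin/sh
# Added example (not the skill's code). Assumed history format: one prompt per
# line, each prefixed "task=<id> ". Redaction patterns are illustrative only.

# Keep only prompts belonging to the current task, so the PR body is bounded
# to this change rather than the agent's whole persistent history.
filter_task() {  # usage: filter_task <task_id>   (history on stdin)
  grep -E "^task=$1 " | sed -E "s/^task=$1 //"
}

# Redact aggressively: credential-shaped strings and key=value secrets.
# Over-redacting a PR body is cheap; leaking a token into a public repo is not.
redact() {  # text on stdin
  sed -E \
    -e 's/gh[pousr]_[A-Za-z0-9]{20,}/[REDACTED_GITHUB_TOKEN]/g' \
    -e 's/AKIA[0-9A-Z]{16}/[REDACTED_AWS_KEY]/g' \
    -e 's#(Bearer )[A-Za-z0-9._~+/=-]+#\1[REDACTED]#g' \
    -e 's/((password|passwd|secret|token|api_key)[[:space:]]*[=:][[:space:]]*)[^[:space:]]+/\1[REDACTED]/g'
}

# Final gate: refuse to publish if high-confidence credential shapes survive.
leak_check() {  # usage: leak_check <body_file>; returns 1 if a leak is found
  if grep -Eq 'gh[pousr]_[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|BEGIN [A-Z ]*PRIVATE KEY' "$1"; then
    echo "refusing to publish $1: credential-like string present" >&2
    return 1
  fi
}

# Assemble the body: a summary first, then the bounded, redacted prompt history.
build_body() {  # usage: build_body <task_id> <history_file> <summary> <out_file>
  {
    printf '%s\n\n## Prompt history (task %s, redacted)\n\n' "$3" "$1"
    filter_task "$1" < "$2" | redact
  } > "$4"
  leak_check "$4"
}

# Publish only after the user has read the file. REVIEWED=yes is this example's
# convention, not a gh feature; gh pr edit --body-file is the skill's own update path.
publish_body() {  # usage: REVIEWED=yes publish_body <body_file>
  [ "${REVIEWED:-no}" = "yes" ] || { echo "open $1, review it, then rerun with REVIEWED=yes" >&2; return 1; }
  leak_check "$1" || return 1
  gh pr edit --body-file "$1"
}
```

The point of separating `build_body` from `publish_body` is that the file lands in a reviewable location and nothing reaches GitHub until a human has opened it and the leak check has passed a second time.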

What this means

The agent may create or edit PRs under the user's account as part of the workflow.

Why it was flagged

The skill instructs the agent to perform GitHub PR mutations. This is purpose-aligned, but it can publish or update repository-visible content.

Skill content

Use `/tmp` + `gh pr edit --body-file` for updates. Create PR with `gh pr create` if not already open.

Recommendation

Review the branch, PR body, target repository, and visibility before allowing `gh pr create` or `gh pr edit` to run.

What this means

Actions may be taken using whichever GitHub account and repository permissions are active locally.

Why it was flagged

These commands normally use the user's authenticated GitHub CLI session, so the workflow relies on delegated GitHub account authority even though no credential is declared.

Skill content

gh pr edit --body-file ... gh pr create

Recommendation

Confirm `gh auth status`, the target repository, and the active branch before using the skill.
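A pre-flight gate that covers the last two findings together (PR mutations under the user's account, and reliance on whatever `gh` session is active), as an added example rather than anything shipped with the skill. The policy check is kept separate from the `gh`/`git` calls so it can be exercised without a network or a GitHub login. Assumptions: the expected repository is passed as `owner/name`, `CONFIRM_PUBLIC=yes` and `PR_TITLE` are this example's conventions, and `gh repo view --json visibility` reports `PUBLIC`, `PRIVATE` or `INTERNAL`.

```shell
#!/bin/sh
# Added example (not the skill's code): run before any gh pr create / gh pr edit.

# Policy decision on already-gathered values. Returns 0 only when the mutation
# is allowed: repo must match what the user intended, the branch must not be
# main/master, and a public repo needs explicit confirmation.
preflight_gate() {  # usage: preflight_gate <expected_repo> <actual_repo> <visibility> <branch> <confirm>
  expected="$1"; actual="$2"; vis="$3"; branch="$4"; confirm="$5"
  if [ "$actual" != "$expected" ]; then
    echo "refusing: gh is targeting $actual, expected $expected" >&2; return 1
  fi
  case "$branch" in
    main|master|HEAD) echo "refusing: current branch is $branch, not a feature branch" >&2; return 1 ;;
  esac
  case "$vis" in
    PUBLIC|public)
      [ "$confirm" = "yes" ] || { echo "refusing: $actual is public; rerun with CONFIRM_PUBLIC=yes" >&2; return 1; } ;;
  esac
  return 0
}

# Gather the real context. gh auth status fails when no session is active;
# --json/-q are gh's built-in field selection. Prints "<repo> <visibility> <branch>".
gather_context() {
  gh auth status >/dev/null 2>&1 || { echo "no active gh session (gh auth status failed)" >&2; return 1; }
  repo_vis=$(gh repo view --json nameWithOwner,visibility -q '.nameWithOwner + " " + .visibility') || return 1
  branch=$(git rev-parse --abbrev-ref HEAD) || return 1
  echo "$repo_vis $branch"
}

# Mutate the PR only after the gate passes. The body file is the one the user
# has already reviewed; the skill's own flow writes it under /tmp.
guarded_pr_edit() {  # usage: CONFIRM_PUBLIC=yes PR_TITLE=... guarded_pr_edit <expected_repo> <body_file>
  expected="$1"; body="$2"
  ctx=$(gather_context) || return 1
  repo=${ctx%% *}; rest=${ctx#* }; vis=${rest%% *}; branch=${rest#* }
  echo "target: $repo ($vis) branch: $branch body: $body" >&2
  preflight_gate "$expected" "$repo" "$vis" "$branch" "${CONFIRM_PUBLIC:-no}" || return 1
  if gh pr view --json url -q .url >/dev/null 2>&1; then
    gh pr edit --body-file "$body"
  else
    gh pr create --body-file "$body" --title "${PR_TITLE:?set PR_TITLE}"
  fi
}
```

Printing the resolved target to stderr before acting is deliberate: the account and repository `gh` will use are whatever is configured locally, and the person approving the run should see them rather than trust the skill's description of them.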

What this means

A user who follows the README instead of the reviewed artifact could install a different, or since-changed, remote version of the skill.

Why it was flagged

The README gives a remote clone instruction rather than a pinned install mechanism. The provided artifact set is small and readable, but provenance should be verified before installation.

Skill content

Install the PR workflow skill from https://github.com/joshp123/pr-workflow-skill — clone it to wherever I keep skills

Recommendation

Install from a verified source or pinned commit, and inspect the files before enabling the skill.
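A pinned install with a pre-enable inspection, as an added example that is not the README's own instruction. The repository URL is the one the README names; the commit hash is a placeholder the user fills in from the artifact they actually reviewed (this review does not state one), and the capability signals in `inspect_skill` are the ones this review calls out (shell execution, environment reads, network access, "run a local script if present"), not a complete static scanner.

```shell
#!/bin/sh
# Added example (not the skill's or README's code). REVIEWED_SHA is a placeholder.

# Refuse unless the checked-out commit is exactly the reviewed one. A moved
# branch or re-pointed tag cannot satisfy this; only the full hash can.
verify_pin() {  # usage: verify_pin <actual_sha> <expected_sha>
  if [ "$1" != "$2" ]; then
    echo "refusing: HEAD is $1, expected $2" >&2; return 1
  fi
}

# Clone, check out the pinned commit, then prove HEAD is that commit.
pinned_clone() {  # usage: pinned_clone <url> <expected_sha> <dest_dir>
  git clone --quiet "$1" "$3" || return 1
  git -C "$3" checkout --quiet "$2" || return 1
  verify_pin "$(git -C "$3" rev-parse HEAD)" "$2"
}

# Inspect before enabling: grep every file for the capability signals this
# review flagged. Prints "<file>:<line>:<text>" for each hit; returns 1 if any.
inspect_skill() {  # usage: inspect_skill <dir>
  pattern='sh -c|bash -c|eval |\$\(|printenv|\$[A-Z_]*(TOKEN|KEY|SECRET|PASSWORD)|curl |wget |if present|if it exists'
  matches=$(find "$1" -type f -not -path '*/.git/*' -exec grep -HnE "$pattern" {} + | sort)
  [ -z "$matches" ] && return 0
  printf '%s\n' "$matches"
  return 1
}

# Example invocation (needs network; REVIEWED_SHA must be set by the user):
#   pinned_clone https://github.com/joshp123/pr-workflow-skill "$REVIEWED_SHA" ~/skills/pr-commit-workflow \
#     && inspect_skill ~/skills/pr-commit-workflow
# A non-zero exit from inspect_skill means: read the listed lines before enabling.
```

The signal list is intentionally noisy in the direction of false positives; for a skill this small (the review notes the artifact set is "small and readable") every hit is cheap to read, and a hit on `printenv` or "if present" is exactly the line a reviewer wants to see before the skill runs under their account.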