GitHub Issue Finder

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears aligned with finding and analyzing GitHub issues, but users should confirm before any public GitHub actions such as commenting or opening PRs.

Before installing, make sure the GitHub CLI is trusted and logged into the intended account. Treat the skill as read-only unless you explicitly ask it to take contribution actions, and review any comment, branch, push, or PR before it is posted.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may treat commenting on issues or submitting PRs as part of the workflow, which could publish content or act under the user's GitHub identity.

Why it was flagged

These steps include public GitHub contribution actions beyond read-only issue analysis. They fit the contribution workflow, but should not be performed automatically without the user's approval.

Skill content

Once you've identified a good issue: 1. **Comment on issue** - Express interest, ask clarifying questions ... 7. **Submit PR** - Reference issue, describe changes

Recommendation

Use the skill for discovery and analysis by default, and require explicit confirmation before posting comments, creating branches, pushing code, or opening PRs.

What this means

GitHub reads, and any approved follow-on actions, may occur under the currently authenticated GitHub account and may include private repositories that account can access.

Why it was flagged

The script delegates to the GitHub CLI, which may use the user's logged-in GitHub session and repository permissions. The artifacts do not show credential logging, hardcoded tokens, or unrelated credential use.

Skill content

result = subprocess.run(["gh"] + args, capture_output=True, text=True, check=True)

Recommendation

Run it with the intended GitHub account, prefer least-privileged access, and review any action that would write to GitHub.

What this means

The skill may fail or behave unexpectedly if the expected local tools are missing or point to an unintended installation.

Why it was flagged

The metadata does not declare required binaries even though the SKILL.md and script rely on tools such as `gh`. This is an under-declared dependency rather than evidence of hidden installation.

Skill content

Required binaries (all must exist): none; Required binaries (at least one): none

Recommendation

Verify that `gh` and any other referenced command-line tools are installed from trusted sources before using the skill.