Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PR Advocacy

v1.0.3

Monitor PR status every 4 hours, promptly address feedback and CI issues, communicate clearly within 24 hours, and drive reviews to timely merge.

by Andy Tien (@linux2010)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The name/description (PR monitoring and advocacy) matches the instructions, but the skill metadata declares no required binaries, env vars, or config paths while the SKILL.md expects tools like gh, git, npm and write access to a user workspace. Declaring no dependencies/configs is inconsistent with the stated capabilities.
Instruction Scope (flagged)
Instructions direct the agent to run gh and local commands, automatically create and commit fixes to PR branches, and persist a tracking file to a concrete path (/Users/hope/.openclaw/agents/coding/workspace/memory/pr-tracking-list.md). Those behaviors require repository write/push access and filesystem writes and go beyond simple monitoring — the skill can modify code and commit changes autonomously.
Install Mechanism
No install spec (instruction-only), which reduces installation risk. However, SKILL.md implicitly requires command-line tools (gh, git, npm) to be present and authenticated; those requirements are not declared in the registry metadata.
Credentials (flagged)
The skill metadata lists no required credentials, yet runtime behavior requires authenticated GitHub/GH CLI access and permission to push commits. The SKILL.md also uses a hard-coded absolute path under /Users/hope which may not match the installer's environment and indicates implicit access to the user's workspace without being declared.
Persistence & Privilege (flagged)
always:false (ok) but autonomous invocation is allowed (platform default). Combined with instructions to auto-commit changes, write persistent tracking files, and run hourly heartbeat flows, this creates a high-impact capability if the agent is allowed to run without explicit user confirmation.
Scan Findings in Context
[no_regex_findings] expected: The scanner found no code to analyze because this is an instruction-only skill. That explains the lack of findings but does not mitigate the instruction-specified risks (filesystem writes, git pushes, CLI usage).
What to consider before installing
This skill will (per its instructions) run gh/git/npm commands, modify repository branches, and write a tracking file to a hard-coded home path — yet the registry metadata does not declare the required binaries, credentials, or config path. Before installing:

1. Verify you want an automated agent that can commit and push changes; prefer a bot account with limited repo scopes rather than your personal credentials.
2. Confirm GH CLI/git/npm availability and how authentication will be provided (GH_TOKEN or gh auth), and require the skill to declare those env vars.
3. Fix the hard-coded path: update it to a configurable, relative path or prompt for the correct location.
4. Consider disabling autonomous invocation or require explicit approval before any commit/push.
5. Test in a sandbox repository first.

If the author cannot justify the undeclared dependencies and the hard-coded filesystem access, treat the skill as untrusted.
