PR Advocacy
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is aimed at PR upkeep, but it gives the agent ongoing authority to change code, update PRs, use GitHub privileges, and persist memory without clear approval boundaries.
Install only if you are comfortable with an agent monitoring selected PRs over time and potentially acting with your GitHub/repository permissions. Before use, restrict it to specific repositories and PRs, require approval before commits/comments/PR edits, and review or disable persistent memory updates.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could change code or PR metadata on your behalf before you review the exact changes.
The skill directs the agent to make source-code changes automatically after interpreting review feedback, with no stated human confirmation step, diff review, branch allowlist, or repository boundary.
- Automatically commit changes to the PR branch
Require explicit approval before committing, pushing, commenting, or editing PR descriptions; restrict operation to user-selected PRs and branches; show diffs and proposed messages first.
The skill may act using whatever GitHub/repository privileges are already available in the environment, with no clear account, repo, or permission limits.
The registry declares no credential contract, while the skill's PR viewing, commenting, PR editing, and branch-commit behavior would typically use an authenticated GitHub identity such as an existing gh session or git credentials.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare the required GitHub credential path and scopes, use least-privilege access, require a repository/PR allowlist, and avoid using ambient credentials without user confirmation.
Private PR details, reviewer feedback, or flawed learned patterns could persist and influence future agent behavior.
The skill stores PR state and learned patterns in persistent agent memory, but it does not define retention, per-repository isolation, what data is stored, or how users can inspect and clear it.
Maintain PR tracking list in workspace memory ... Update core memory with successful advocacy patterns
Store only minimal PR metadata, keep memory scoped per repository, require approval before updating core memory, and provide clear inspect/delete controls.
The agent could keep monitoring and taking PR-related actions over time after the initial request.
The skill requests recurring autonomous monitoring through a heartbeat system. That is related to the stated purpose, but it lacks explicit opt-in scheduling, a per-PR monitoring duration, and stop controls beyond the handling of closed or rejected PRs.
Check PR status every heartbeat cycle (1 hour)
Make background monitoring explicitly opt-in, document the schedule, require user-selected PRs, provide a stop command, and separate monitoring from automatic write actions.
