Openclaw Issue
PassAudited by ClawScan on May 10, 2026.
Overview
This is an instruction-only GitHub issue helper that appears purpose-aligned, but users should review generated issues and verify any appeal claims before submitting.
This skill is generally safe as an issue-drafting helper. Before installing or using it, remember that GitHub issues may be public and tied to your account. Review the generated issue text carefully, especially the skill appeal template, and remove any security guarantees that you cannot personally verify.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the CLI method is used, an issue may be created publicly on GitHub without the extra review step provided by the pre-filled URL method.
The skill documents an optional GitHub CLI command that can directly create a GitHub issue. This is purpose-aligned, but it can publish content under the user's account if run.
gh issue create \ --repo openclaw/clawhub \ --title "<title>" \ --body "<body>" \ --label "<label>"
Prefer the pre-filled URL method when possible, or confirm the repository, title, body, and label before running the GitHub CLI command.
Generated or submitted issues may be associated with the user's GitHub account and may be publicly visible.
Submitting issues requires the user's GitHub identity. The artifacts do not show credential collection or storage, but the user should understand that submissions are tied to their account.
- Requires a GitHub account
Use the intended GitHub account and review the final issue text before submitting.
If copied unchanged, an appeal could make unsupported or misleading claims about a flagged skill.
The skill appeal template includes blanket security assurances about another skill. These may be accurate for some appeals, but they are not automatically true for every skill a user might appeal.
## Security Guarantee - ✅ No external file downloads - ✅ No credential theft or exfiltration - ✅ No reverse shells or remote code execution - ✅ No hardcoded API keys or secrets - ✅ All operations are local to the user's machine
Edit the template to match the specific skill being appealed, remove any claims that have not been verified, and include concrete evidence where possible.