Gitcrawl
PassAudited by ClawScan on May 17, 2026.
Overview
Gitcrawl appears to be a coherent GitHub triage helper; the main things to notice are that it installs a Go CLI from the latest module and may use your existing GitHub CLI login for live checks.
This skill looks reasonable for GitHub issue and PR triage. Before installing, verify that you trust the upstream Gitcrawl Go module, understand that @latest can change, and be aware that live GitHub checks may use your existing gh login. Keep human approval for any repository-changing action such as labeling, closing, commenting, reviewing, or merging.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may download and run a version of the Gitcrawl CLI that was not directly reviewed in these artifacts.
The skill installs a runnable CLI from an external Go module using @latest, so the exact installed code may change over time and is not included in the artifact set.
module: github.com/openclaw/gitcrawl/cmd/gitcrawl@latest
Install only if you trust the GitHub source, and prefer a pinned version or review the upstream repository if this will be used in sensitive repositories.
The agent may query GitHub using your configured account and view repository issue or PR details, including private data if your account can access it.
The skill instructs use of live GitHub commands, which may rely on the user's existing GitHub CLI authentication and can read issue/PR content available to that account.
gitcrawl gh --live pr status ... gh pr view <number> --json number,title,state,mergedAt,body,files,comments,reviews,statusCheckRollup
Use a GitHub account with appropriate scope, and require explicit confirmation before any actual commenting, labeling, closing, reopening, merging, or review submission.