GitHub Auto Reply
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: github-auto-reply
Version: 1.0.0
The skill bundle describes a GitHub auto-reply agent. All files, including the `SKILL.md` instructions, are aligned with the stated purpose of providing automated responses to GitHub issues. The `SKILL.md` contains example GitHub Actions YAML and JavaScript-like logic snippets, which are presented as configuration guidance for the user or as logical behaviors for the AI agent to implement, not as direct malicious commands for the agent to execute. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the OpenClaw agent. The attribution link `sendwealth.github.io` is benign and does not instruct any harmful actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured template or trigger could post unwanted public replies, though the artifact does not show hidden or destructive behavior.
The workflow automatically posts an issue comment whenever a new issue is opened. This is the advertised function, but it is still a repository mutation and may create public-facing output.
    on:
      issues:
        types: [opened]
    ...
    github.rest.issues.createComment({ ... body: reply })
Review the reply text, test in a noncritical repository, and consider narrower triggers or manual approval if public replies require review.
The repository's Actions policy could become broader than necessary, and unpinned action versions can change over time.
The setup depends on an external GitHub Action pinned only to a major version and suggests enabling all Actions rather than only the needed action.
    uses: actions/github-script@v6
    ...
    Repository Settings > Actions > Allow all actions
Pin the action to a trusted immutable version or commit SHA, and prefer allowing only the required trusted Actions instead of enabling all Actions.
The workflow needs permission to write issue comments, and broad default GitHub token permissions may grant more access than this task needs.
The workflow uses GitHub API authority from the Actions runtime to write issue comments. This is expected for the integration, and no token logging or unrelated credential use is shown.
    github.rest.issues.createComment({
      issue_number: context.issue.number,
      owner: context.repo.owner,
      repo: context.repo.repo,
      body: reply
    });
Add an explicit least-privilege permissions block, such as issue-comment write access only, and avoid using personal tokens for this workflow.
