Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Prompt Request Pipeline
v1.0.0GitHub Issue → auto-implement → PR → review → auto-merge pipeline. Write an Issue with [auto] tag, and the pipeline handles everything: task analysis, implem...
⭐ 0· 438·1 current·1 all-time
byShunsuke Hayashi@shunsukehayashi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to automate GitHub workflows and the runtime instructions do exactly that (clone, branch, edit, commit, push, create PR, review, merge). However the SKILL metadata declares no required credentials or config, while the doc explicitly requires GitHub CLI authentication, SSH write access, an OpenClaw hooks token/endpoint, and a webhook — this mismatch between declared requirements and actual needs is incoherent and materially important.
Instruction Scope
The SKILL.md instructs the agent to perform potentially destructive repository actions (clone repos, run tests, edit code, commit, push, create PRs, and auto-merge) and to read arbitrary files inside the repo (other agents' AGENTS.md, other skills' SKILL.md). It also contains forceful 'You MUST execute' wording that removes human-in-the-loop discretion. Those actions are within the stated purpose but grant broad write/read access to repository contents and could produce unintended changes if misconfigured.
Install Mechanism
No install spec or external binary downloads are included in the skill bundle (instruction-only). That minimizes supply-chain risk from the skill package itself.
Credentials
The runtime requires sensitive capabilities (GitHub CLI auth and SSH push rights, webhook secret for OpenClaw, access to a working directory where repos are cloned) but the skill metadata lists no required environment variables or primary credential. The messageTemplate also sets allowUnsafeExternalContent=true and sends output to an external channel (telegram). These implicit/undeclared requirements and permissive delivery settings increase risk and are disproportionate to what the package declares.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent platform privileges, but it instructs autonomous modification of external repositories (push/PR/merge) when invoked. Autonomous invocation combined with the above undeclared credential assumptions raises operational risk — consider restricting invocation scope and requiring manual approvals.
What to consider before installing
This skill will automatically clone repositories, modify code, commit, push, create PRs, review, and merge — so before installing: 1) Recognize that the SKILL.md assumes GitHub CLI auth, SSH write access, and an OpenClaw webhook token/endpoint even though the skill metadata lists no required credentials — treat those as required and only grant minimal-scoped credentials (deploy key or fine-scoped PAT) on a test repo first. 2) The message template sets allowUnsafeExternalContent=true and delivers to an external channel (telegram); avoid exposing secrets in what the agent posts and restrict destination channels. 3) The instructions say 'MUST execute' — prefer adding a mandatory manual-approval step (or a staging repository) to prevent unintended writes. 4) Test thoroughly in a sandbox repository with limited access and CI protections enabled (branch protection rules, required reviews) before enabling on real repos. 5) Consider removing or auditing any references that let the agent read other skills/agent files if those repositories may contain secrets. If you want, provide the maintainer contact or a provenance/source URL — lack of a homepage/source reduces transparency and increases risk.Like a lobster shell, security has layers — review code before you run it.
latestvk972hg4bw0z7ke28aksshmt2yn81phh5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.