ClawHub

git-mender

v1.1.0

git-mender — Automatically fix GitHub issues end-to-end: reads the issue, analyzes repository code, implements a fix, and submits a pull request. Use when th...

0· 43·0 current·0 all-time
byt8g@4ydx3906
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to read GitHub issues, analyze a repo, implement fixes, and open PRs. All requested resources and steps (git/gh usage, cloning, local repo access, and PR creation) align with that purpose. It does not ask for unrelated environment variables or secrets.
!
Instruction Scope
The runtime instructions direct the agent to clone repositories, run searches, edit code, run the project's tests/linters, commit, and (with approval) push and create PRs. These actions are expected for this purpose but carry operational risk: running tests or other repo-provided scripts can execute arbitrary code from the target repository. The SKILL.md does require explicit user approval before submitting a PR, which mitigates but does not eliminate risk.
Install Mechanism
There is no remote download/install step; the provided scripts/install.sh only copies SKILL.md into ~/.qoder/skills/git-mender. Installer uses standard, traceable operations and does not fetch arbitrary archives from unknown hosts.
Credentials
The skill requests no environment variables or secrets. It relies on the user's existing git/gh tooling and authentication, which is proportional to performing GitHub clones/pushes. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false and the skill does not request permanent elevated privileges. The installer writes only to a user-scope path (~/.qoder/skills/git-mender/) and does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it will read issues, clone repos, edit code, run tests, and create PRs using your git/gh credentials. Before installing or invoking it: 1) ensure your gh/git are configured and you understand which GitHub account will be used; 2) do not run it against sensitive/private repos unless you trust the agent and environment; 3) review diffs and only approve PR submission when you are satisfied; 4) be aware that running a project's tests or scripts can execute arbitrary code from that repository — consider running in a sandbox or disposable environment if you are unsure.

Like a lobster shell, security has layers — review code before you run it.

automationvk978axygfp4q11xc67yfk88b2x84fqahgitvk978axygfp4q11xc67yfk88b2x84fqahgithubvk978axygfp4q11xc67yfk88b2x84fqahissue-fixvk978axygfp4q11xc67yfk88b2x84fqahlatestvk978axygfp4q11xc67yfk88b2x84fqahpull-requestvk978axygfp4q11xc67yfk88b2x84fqah

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔧 Clawdis

Comments