ClawHub

Pull Request

v1.0.1

Create high-quality pull requests with pre-submission validation, maintainer-friendly formatting, and automated quality checks.

2· 696·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description ('Pull Request' guidance) matches the included files (checklist, red-flags, repo-context, templates). There are no unrelated required env vars, binaries, or config paths; all guidance is appropriate for creating maintainable PRs.
Instruction Scope
SKILL.md and the companion files instruct the agent to read repository metadata (CONTRIBUTING.md, CI files, style configs) and to avoid secrets and sensitive paths. The instructions do not direct the agent to collect or transmit data outside the normal PR workflow, nor do they instruct accessing unrelated system files. They explicitly tell the contributor not to include secrets and to disclose AI involvement.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be written to disk or downloaded during install, so there is no installer-related risk.
Credentials
The skill does not request any environment variables, credentials, or config paths. Guidance about repository context is proportionate to the skill's purpose and the files explicitly say not to read secrets (e.g., .env).
Persistence & Privilege
The skill is not marked always:true and does not request persistent system presence or modify other skills. It is user-invocable and may be invoked autonomously by the agent (platform default), which is expected for a guidance skill.
Assessment
This skill is a collection of best-practice instructions and templates for authoring PRs and is internally consistent. Before installing or enabling it: 1) Confirm your agent won't be given automatic write/push permissions to repositories you care about (the skill doesn't request credentials, but an agent could be granted repo access separately). 2) Never use the skill to collect or share private secrets or .env contents—its docs explicitly forbid that. 3) If you plan to let the agent act autonomously, decide whether you want any automatic pushes/PR openings enabled and review prompts/logs before sending them to third parties. Otherwise, this skill appears safe and aligned with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d4x7n4f70bmtfxkfsvzyc8h8124ye

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments