issue-hunter
v1.0.0Analyze, triage, and select the best issues to work on from GitHub repositories. Scores issues by reproducibility, scope, complexity, and community signal. P...
⭐ 0· 72·0 current·0 all-time
byBijin@sliverp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the actions in SKILL.md: fetching GitHub issues via the gh CLI, scoring them, and writing an analysis document. Required capabilities (gh CLI + GitHub auth) are appropriate for the stated goal.
Instruction Scope
Instructions are generally scoped to issue fetching, scoring, thread reading, and producing `{workspace}/issue-analysis.md`. However, the deep-dive step expects the agent to 'identify relevant source files' and 'search the codebase' but does not specify how to obtain or access the repository source (no explicit git clone or path assumptions). This is a functional gap: the skill assumes either the workspace already contains the repo or the agent will clone it; clarify which is expected.
Install Mechanism
Instruction-only skill with no install steps, no downloads, and no code to execute. This is low install risk.
Credentials
SKILL.md asks the user to authenticate gh and mentions GH_TOKEN as an option, but the registry metadata declares no required environment variables. This is reasonable but inconsistent: the skill will need a GitHub-authenticated gh session (or token) to operate at scale. Users should provide a minimally privileged token (read-only repo/issue scopes) if asked. No other secrets are requested.
Persistence & Privilege
always:false and no install/config changes. The skill writes a single output file to the workspace (`issue-analysis.md`) which is appropriate for its function. It does not request elevated or persistent platform privileges.
Assessment
This skill appears coherent for triaging GitHub issues, but check a few things before installing or running it: 1) Ensure the GitHub CLI (gh) is installed and authenticated. The SKILL.md assumes gh auth or a GH_TOKEN — provide a token with the least privilege needed (prefer read-only issue/repo scopes). Avoid giving broad write/delete scopes. 2) Clarify repository access: the instructions expect the agent to inspect source files but do not include clone steps; confirm whether you must provide the repo in the workspace or permit the agent to clone it. 3) The skill writes `{workspace}/issue-analysis.md` — review generated reports before acting on them. 4) Run the skill in a non-sensitive workspace first to verify behavior. 5) Because the skill may be run autonomously (model invocation not disabled), monitor initial runs and token use; revoke or narrow token scopes if unexpected behavior occurs.Like a lobster shell, security has layers — review code before you run it.
latestvk97691rj5ztn4g8ea3a9vdpbad83hhrs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.