GitHub Issue Auto Triage
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for GitHub issue triage, but it asks for broad GitHub access and can automatically change or comment on issues, so users should review its permissions and automation carefully.
Install only if you are comfortable with automated changes to GitHub issues. Use a fine-grained, repo-limited token, test with --dry-run, disable automatic replies/assignments until validated, and check whether private issue content may be sent to DashScope.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A token with full repo access can affect much more than issue triage, especially on private repositories.
The user is instructed to create a GitHub token with full repository permission and read:user access. That exceeds the narrow issue-label/comment/assignment actions the skill needs, and the registry metadata declares no primary credential or required env vars.
Select permissions: - ✅ `repo` (full repository permissions) - ✅ `read:user` ... export GITHUB_TOKEN="your_token"
Use a fine-grained GitHub token limited to the selected repository and Issues read/write permissions only, and update the skill metadata to declare GITHUB_TOKEN, GITHUB_OWNER, and GITHUB_REPO clearly.
Incorrect AI classification or FAQ matching could repeatedly label, assign, or reply to issues without a maintainer reviewing each action first.
The skill is intended to perform recurring automated GitHub issue mutations and replies. This is purpose-aligned, but the documented workflow does not require per-action approval before changing public or team-visible issue state.
Scheduled trigger: check for new Issues every 30 minutes ... automatically assign an owner ... FAQ auto-reply ... mark as resolved
Run in dry-run mode first, disable auto-reply/auto-assign until rules are validated, and require confirmation or narrow repository/issue filters for production use.
Private bug reports, customer details, or secrets accidentally included in issue bodies could be transmitted to the LLM provider.
The LLM classification path sends the issue title and up to 500 characters of the issue body to DashScope. This is aligned with the AI triage purpose, but users should know private issue content may leave GitHub.
url = 'https://dashscope.aliyuncs.com/api/v1/services/aigc/text-generation/generation' ... 标题:{title}
描述:{body[:500]}
Confirm the provider's data handling terms, avoid processing issues containing secrets, or use keyword-only/local classification for sensitive repositories.
It is harder to verify the publisher, upstream code, and update history before granting a GitHub token.
The registry metadata does not provide a verified source or homepage for a skill that requests GitHub credentials and performs repository mutations.
Source: unknown Homepage: none
Verify the publisher and repository manually before use, and prefer a release with clear source, homepage, version, and dependency metadata.
Users may over-trust the skill because the package itself says it was approved.
The package contains self-reported safety/vetting claims. They may be status documentation, but they should not be treated as an independent approval during installation.
Security review ✅ ... Review conclusion: SAFE TO INSTALL
Rely on the current registry review and your own permission checks rather than self-asserted safety claims in bundled documentation.
