PR Triage

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill's PR-triage purpose is coherent, but it deliberately relies on the local GitHub CLI's stored authentication while declaring no credential requirement, so it may exercise broader GitHub privileges than the user expects.

Review this skill before installing. Its core PR report generation is purpose-aligned, but make sure the local GitHub CLI is logged into the intended account and has only the permissions you are willing to use. Avoid action mode unless you have reviewed the proposed comments and label changes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may act using the GitHub account already logged into the local gh CLI, potentially with broader access than a repo-specific token.

Why it was flagged

The skill instructs the agent to unset the GitHub token environment variables before every gh invocation, which can cause gh to fall back to the user's persistent local GitHub CLI credentials instead of a scoped token. The registry metadata declares no primary credential and no required environment variables, so the credential source and its scope are under-disclosed.

Skill content

**ALWAYS use this pattern for ALL gh commands:**
```bash
env -u GH_TOKEN -u GITHUB_TOKEN gh <command>
```

Recommendation

Before using it, confirm which GitHub account gh is logged into and whether its permissions are appropriate for the target repository. Prefer a clearly scoped credential flow.

What this means

If action mode is used, the agent could publicly comment on PRs or change labels under the authenticated GitHub account.

Why it was flagged

The optional action mode can post PR comments and add labels. This is related to PR triage and is documented as requiring an explicit flag, but it still mutates GitHub repository state.

Skill content

If requested with `--action` flag:

```bash
env -u GH_TOKEN -u GITHUB_TOKEN gh pr comment <NUMBER> --body "This PR appears to duplicate #XXX..."
env -u GH_TOKEN -u GITHUB_TOKEN gh pr edit <NUMBER> --add-label "duplicate"
```

Recommendation

Use report-only mode first, review the recommendations, and only enable action mode when you are comfortable with the exact PR comments and label changes.

What this means

Running the script will execute local GitHub CLI commands and access data available to the authenticated gh account.

Why it was flagged

The helper script executes the local gh CLI. This is central to the skill's GitHub triage function, and the call passes an argument list rather than using `shell=True`, but users should know the skill depends on local command execution.

Skill content

```python
import subprocess

# env_prefix holds the env -u GH_TOKEN -u GITHUB_TOKEN prefix the skill mandates;
# args is the gh argument list. The command is passed as a list, not via shell=True.
result = subprocess.run(
    env_prefix + ["gh"] + args,
    capture_output=True,
    text=True,
)
```

Recommendation

Ensure gh is installed, authenticated to the intended account, and limited to repositories you want the skill to analyze.

What this means

Users may not realize the skill requires the GitHub CLI and its local authentication state until runtime.

Why it was flagged

The registry metadata states that no binaries are required, while the skill documentation and helper script both depend on gh. This is a metadata completeness issue rather than evidence of malicious behavior.

Skill content

```
Required binaries (all must exist): none
```

Recommendation

Declare gh as a required binary and document the intended authentication method and permission scope.