Pr Triage
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: pr-triage
Version: 1.0.0

The OpenClaw AgentSkills bundle is classified as benign. Both the `SKILL.md` instructions and the `scripts/triage.py` code are clearly aligned with the stated purpose of triaging GitHub Pull Requests. A positive security indicator is the explicit instruction, and matching implementation in `scripts/triage.py`, to unset the `GH_TOKEN` and `GITHUB_TOKEN` environment variables before executing `gh` commands, so an agent cannot accidentally spend a highly privileged token passed in through the environment. Note that `gh` then falls back to the credentials stored by `gh auth login`; the informational findings below cover the consequences of that fallback. The skill's boundaries are well-defined, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may act using the GitHub account already logged into the local gh CLI, potentially with broader access than a repo-specific token.
The `SKILL.md` instruction tells the agent to remove GitHub token environment variables before running gh, which causes gh to use the user's persistent local GitHub CLI credentials instead. The registry metadata declares no primary credential or required environment variables, so the credential source and scope are under-disclosed.
**ALWAYS use this pattern for ALL gh commands:**
```bash
env -u GH_TOKEN -u GITHUB_TOKEN gh <command>
```
Before using it, confirm which GitHub account gh is logged into and whether its permissions are appropriate for the target repository. Prefer a clearly scoped credential flow.
If action mode is used, the agent could publicly comment on PRs or change labels under the authenticated GitHub account.
The optional action mode can post PR comments and add labels. This is related to PR triage and is documented as requiring an explicit flag, but it still mutates GitHub repository state.
If requested with `--action` flag:
```bash
env -u GH_TOKEN -u GITHUB_TOKEN gh pr comment <NUMBER> --body "This PR appears to duplicate #XXX..."
env -u GH_TOKEN -u GITHUB_TOKEN gh pr edit <NUMBER> --add-label "duplicate"
```
Use report-only mode first, review the recommendations, and only enable action mode when you are comfortable with the exact PR comments and label changes.
Running the script will execute local GitHub CLI commands and access data available to the authenticated gh account.
The helper script executes the local gh CLI. This is central to the skill’s GitHub triage function and uses an argument list rather than shell=True, but users should know it depends on local command execution.
```python
import subprocess

# Excerpt from scripts/triage.py: gh is invoked as an argument list (no shell=True).
# env_prefix is not shown in this excerpt; per SKILL.md it holds the
# `env -u GH_TOKEN -u GITHUB_TOKEN` prefix, and args is the gh subcommand.
result = subprocess.run(
    env_prefix + ["gh"] + args,
    capture_output=True,
    text=True,
)
```
Ensure gh is installed, authenticated to the intended account, and limited to repositories you want the skill to analyze.
Users may not realize the skill requires the GitHub CLI and its local authentication state until runtime.
The registry metadata says no binaries are required, while the skill documentation and script depend on gh. This is a metadata completeness issue rather than evidence of malicious behavior.
Required binaries (all must exist): none
Declare gh as a required binary and document the intended authentication method and permission scope.
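The checks recommended in the findings above, written out as an added example; this is not code from the pr-triage skill or from ClawScan. It parses `gh auth status`, confirms which account gh will fall back to once the skill unsets the token variables, compares that token's scopes against a policy, flags an exported `GH_TOKEN`/`GITHUB_TOKEN` that the skill would silently discard, and builds the child environment either the skill's way (tokens unset) or with an explicitly scoped `GH_TOKEN`. The function names, the scope policy, and the sample status output are this example's own constructs; the `gh auth status` line format is assumed from recent gh releases, with the older "Logged in to … as …" wording also accepted.

```python
"""Pre-flight checks before letting an agent run `env -u GH_TOKEN -u GITHUB_TOKEN gh ...`.

Added example, not code from the pr-triage skill or from ClawScan.
"""
from __future__ import annotations

import os
import re
import shutil
import subprocess
from dataclasses import dataclass, field

TOKEN_VARS = ("GH_TOKEN", "GITHUB_TOKEN")


@dataclass
class AuthAccount:
    host: str
    login: str
    active: bool = False
    scopes: set[str] = field(default_factory=set)


# Line shapes printed by `gh auth status` (assumed from gh 2.40+; the older
# "Logged in to <host> as <login>" wording is matched too).
_LOGIN_RE = re.compile(r"Logged in to (\S+) (?:account|as) (\S+)")
_ACTIVE_RE = re.compile(r"Active account:\s*(true|false)")
_SCOPES_RE = re.compile(r"Token scopes:\s*(.+)")


def parse_auth_status(text: str) -> list[AuthAccount]:
    """Turn `gh auth status` output into one AuthAccount per logged-in account."""
    accounts: list[AuthAccount] = []
    for line in text.splitlines():
        if m := _LOGIN_RE.search(line):
            accounts.append(AuthAccount(host=m.group(1), login=m.group(2)))
        elif accounts and (m := _ACTIVE_RE.search(line)):
            accounts[-1].active = m.group(1) == "true"
        elif accounts and (m := _SCOPES_RE.search(line)):
            # Newer gh quotes each scope ('repo'); older gh prints them bare.
            accounts[-1].scopes = {s.strip().strip("'") for s in m.group(1).split(",") if s.strip()}
    # Older gh prints no "Active account" line; a lone login is the active one.
    if len(accounts) == 1 and not accounts[0].active:
        accounts[0].active = True
    return accounts


def preflight(status_text: str, expected_login: str, allowed_scopes: set[str], env: dict[str, str]) -> list[str]:
    """Return the reasons a triage run should NOT proceed (empty list means go).

    Because the skill unsets GH_TOKEN/GITHUB_TOKEN, the account that matters is the
    keyring login gh falls back to, not whatever token the caller exported.
    """
    problems: list[str] = []
    active = [a for a in parse_auth_status(status_text) if a.active]
    if not active:
        problems.append("no active gh login; `env -u` would leave gh with no credential")
        return problems
    acct = active[0]
    if acct.login != expected_login:
        problems.append(f"gh will act as {acct.login!r}, expected {expected_login!r}")
    if extra := acct.scopes - allowed_scopes:
        problems.append(f"keyring token for {acct.login} carries scopes beyond policy: {sorted(extra)}")
    if set(env) & set(TOKEN_VARS):
        problems.append("GH_TOKEN/GITHUB_TOKEN is exported but the skill discards it; gh will use the keyring login instead")
    return problems


def gh_env(base_env: dict[str, str], scoped_token: str | None = None) -> dict[str, str]:
    """Build the child environment for gh.

    Without scoped_token this mirrors the skill's `env -u GH_TOKEN -u GITHUB_TOKEN`, so
    gh falls back to the keyring login. With scoped_token, GH_TOKEN is pinned to a
    repository-scoped credential instead (the "clearly scoped credential flow").
    """
    env = {k: v for k, v in base_env.items() if k not in TOKEN_VARS}
    if scoped_token:
        env["GH_TOKEN"] = scoped_token
    return env


def run_gh(args: list[str], env: dict[str, str], dry_run: bool = False):
    """Run gh as an argument list (no shell). dry_run returns the argv instead of running it."""
    argv = ["gh", *args]
    if dry_run:
        return argv
    if shutil.which("gh") is None:  # the metadata gap: gh is required but undeclared
        raise FileNotFoundError("gh CLI not found on PATH")
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)


# Constructed sample of `gh auth status` output; not captured from a real host.
SAMPLE_STATUS = """\
github.com
  ✓ Logged in to github.com account octocat (keyring)
  - Active account: true
  - Git operations protocol: https
  - Token: gho_************************************
  - Token scopes: 'gist', 'read:org', 'repo', 'workflow'
"""

if __name__ == "__main__":
    # On a real machine, replace SAMPLE_STATUS with the live output of
    # `gh auth status` (older releases print it on stderr, so read both streams).
    for problem in preflight(SAMPLE_STATUS, "octocat", {"repo"}, dict(os.environ)):
        print("BLOCKED:", problem)
    print("report-only argv:", run_gh(["pr", "list", "--repo", "owner/repo"], gh_env({}), dry_run=True))
```

Feed `preflight` the real `gh auth status` output and an allowed-scope set no wider than triage needs; with the sample above and a `{"repo"}` policy it blocks, because the keyring token also carries `gist`, `read:org` and `workflow`, which is exactly the "broader access than a repo-specific token" the first finding warns about. For report-only runs, `run_gh(..., dry_run=True)` shows the argv that action mode would execute without touching the repository.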
