gh-issues
Automates the management of GitHub issues by fetching, fixing, and monitoring PRs using sub-agents for efficient issue resolution.
Install this skill
Security score
The gh-issues skill was audited on May 28, 2026 and we found 26 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 386 | ``` |
Template literal with variable interpolation in command context
| 753 | ``` |
Curl to non-GitHub URL
| 209 | curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user |
Curl to non-GitHub URL
| 649 | curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user | jq -r '.login' |
Access to hidden dotfiles in home directory
| 82 | cat ~/.openclaw/openclaw.json | jq -r '.skills.entries["gh-issues"].apiKey // empty' |
Access to hidden dotfiles in home directory
| 117 | > "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in ~/.openclaw/openclaw.json under skills.entries.gh-issues." |
Access to hidden dotfiles in home directory
| 214 | > "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in ~/.openclaw/openclaw.json under skills.entries.gh-issues." |
Access to hidden dotfiles in home directory
| 349 | GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null | jq -r '.skills.entries["gh-issues"].apiKey // empty') || GH_TOKEN=$(cat /data/.clawdbot/openclaw.json 2>/dev/null | jq -r '.skills.entries["gh-is |
Access to hidden dotfiles in home directory
| 384 | export GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null | node -e "const fs=require('fs');const d=JSON.parse(fs.readFileSync(0,'utf8'));console.log(d.skills?.entries?.['gh-issues']?.apiKey||'')") |
Access to hidden dotfiles in home directory
| 720 | GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null | jq -r '.skills.entries["gh-issues"].apiKey // empty') || GH_TOKEN=$(cat /data/.clawdbot/openclaw.json 2>/dev/null | jq -r '.skills.entries["gh-is |
External URL reference
| 101 | "https://api.github.com/repos/{SOURCE_REPO}/issues?per_page={limit}&state={state}&{query_params}" |
External URL reference
| 191 | git remote add fork https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 209 | curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user |
External URL reference
| 221 | "https://api.github.com/repos/{SOURCE_REPO}/pulls?head={PUSH_REPO_OWNER}:fix/issue-{N}&state=open&per_page=1" |
External URL reference
| 237 | "https://api.github.com/repos/{PUSH_REPO}/branches/fix/issue-{N}" |
External URL reference
| 430 | git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 449 | https://api.github.com/repos/{SOURCE_REPO}/pulls \ |
External URL reference
| 597 | "https://api.github.com/repos/{SOURCE_REPO}/pulls?state=open&per_page=100" |
External URL reference
| 614 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/reviews" |
External URL reference
| 621 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments" |
External URL reference
| 628 | "https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments" |
External URL reference
| 639 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}" |
External URL reference
| 649 | curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user | jq -r '.login' |
External URL reference
| 781 | git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 790 | https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments/{comment_id}/replies \ |
External URL reference
| 797 | https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments \ |