gh-issues
Automates the management of GitHub issues by fetching, fixing, and monitoring PRs using sub-agents for efficient issue resolution.
Install this skill
Security score
The gh-issues skill was audited on May 12, 2026 and we found 26 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 97 | ``` |
Template literal with variable interpolation in command context
| 365 | First, ensure GH_TOKEN is set. Check: `echo $GH_TOKEN`. If empty, read from config: |
Template literal with variable interpolation in command context
| 400 | ``` |
Template literal with variable interpolation in command context
| 405 | ``` |
Template literal with variable interpolation in command context
| 730 | ``` |
Template literal with variable interpolation in command context
| 770 | ``` |
Curl to non-GitHub URL
| 227 | curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user |
Curl to non-GitHub URL
| 665 | curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user | jq -r '.login' |
Access to hidden dotfiles in home directory
| 134 | > "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in the active OpenClaw config path (`$OPENCLAW_CONFIG_PATH`, default `~/.openclaw/openclaw.json`) under `skills.e |
Access to hidden dotfiles in home directory
| 232 | > "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in the active OpenClaw config path (`$OPENCLAW_CONFIG_PATH`, default `~/.openclaw/openclaw.json`) under `skills.e |
External URL reference
| 118 | "https://api.github.com/repos/{SOURCE_REPO}/issues?per_page={limit}&state={state}&{query_params}" |
External URL reference
| 209 | git remote add fork https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 227 | curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user |
External URL reference
| 239 | "https://api.github.com/repos/{SOURCE_REPO}/pulls?head={PUSH_REPO_OWNER}:fix/issue-{N}&state=open&per_page=1" |
External URL reference
| 255 | "https://api.github.com/repos/{PUSH_REPO}/branches/fix/issue-{N}" |
External URL reference
| 449 | git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 468 | https://api.github.com/repos/{SOURCE_REPO}/pulls \ |
External URL reference
| 613 | "https://api.github.com/repos/{SOURCE_REPO}/pulls?state=open&per_page=100" |
External URL reference
| 630 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/reviews" |
External URL reference
| 637 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments" |
External URL reference
| 644 | "https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments" |
External URL reference
| 655 | "https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}" |
External URL reference
| 665 | curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user | jq -r '.login' |
External URL reference
| 798 | git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git |
External URL reference
| 807 | https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments/{comment_id}/replies \ |
External URL reference
| 814 | https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments \ |