gh-issues

Automates GitHub issue management by fetching issues, implementing fixes, and handling PR reviews using sub-agents.

Install this skill

or

21/100

Security score

The gh-issues skill was audited on Mar 8, 2026 and we found 31 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 254

Template literal with variable interpolation in command context

SourceSKILL.md

254

```

medium line 289

Template literal with variable interpolation in command context

SourceSKILL.md

289

```

medium line 376

Template literal with variable interpolation in command context

SourceSKILL.md

376

```

medium line 387

Template literal with variable interpolation in command context

SourceSKILL.md

387

```

medium line 747

Template literal with variable interpolation in command context

SourceSKILL.md

747

```

medium line 755

Template literal with variable interpolation in command context

SourceSKILL.md

755

```

medium line 210

Curl to non-GitHub URL

SourceSKILL.md

210	curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user

medium line 647

Curl to non-GitHub URL

SourceSKILL.md

647	curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user \| jq -r '.login'

low line 82

Access to hidden dotfiles in home directory

SourceSKILL.md

82	cat ~/.openclaw/openclaw.json \| jq -r '.skills.entries["gh-issues"].apiKey // empty'

medium line 117

Access to hidden dotfiles in home directory

SourceSKILL.md

117	> "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in ~/.openclaw/openclaw.json under skills.entries.gh-issues."

medium line 215

Access to hidden dotfiles in home directory

SourceSKILL.md

215	> "GitHub authentication failed. Please check your apiKey in the OpenClaw dashboard or in ~/.openclaw/openclaw.json under skills.entries.gh-issues."

low line 349

Access to hidden dotfiles in home directory

SourceSKILL.md

349	GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-issues"].apiKey // empty') \|\| GH_TOKEN=$(cat /data/.clawdbot/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-is

medium line 378

Access to hidden dotfiles in home directory

SourceSKILL.md

378	GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-issues"].apiKey // empty')

low line 718

Access to hidden dotfiles in home directory

SourceSKILL.md

718	GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-issues"].apiKey // empty') \|\| GH_TOKEN=$(cat /data/.clawdbot/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-is

medium line 749

Access to hidden dotfiles in home directory

SourceSKILL.md

749	GH_TOKEN=$(cat ~/.openclaw/openclaw.json 2>/dev/null \| jq -r '.skills.entries["gh-issues"].apiKey // empty')

low line 101

External URL reference

SourceSKILL.md

101	"https://api.github.com/repos/{SOURCE_REPO}/issues?per_page={limit}&state={state}&{query_params}"

low line 192

External URL reference

SourceSKILL.md

192	git remote add fork https://x-access-token:[email protected]/{PUSH_REPO}.git

low line 210

External URL reference

SourceSKILL.md

210	curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user

low line 222

External URL reference

SourceSKILL.md

222	"https://api.github.com/repos/{SOURCE_REPO}/pulls?head={PUSH_REPO_OWNER}:fix/issue-{N}&state=open&per_page=1"

low line 238

External URL reference

SourceSKILL.md

238	"https://api.github.com/repos/{PUSH_REPO}/branches/fix/issue-{N}"

low line 431

External URL reference

SourceSKILL.md

431	git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git

low line 450

External URL reference

SourceSKILL.md

450	https://api.github.com/repos/{SOURCE_REPO}/pulls \

low line 595

External URL reference

SourceSKILL.md

595	"https://api.github.com/repos/{SOURCE_REPO}/pulls?state=open&per_page=100"

low line 612

External URL reference

SourceSKILL.md

612	"https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/reviews"

low line 619

External URL reference

SourceSKILL.md

619	"https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments"

low line 626

External URL reference

SourceSKILL.md

626	"https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments"

low line 637

External URL reference

SourceSKILL.md

637	"https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}"

low line 647

External URL reference

SourceSKILL.md

647	curl -s -H "Authorization: Bearer $GH_TOKEN" https://api.github.com/user \| jq -r '.login'

low line 783

External URL reference

SourceSKILL.md

783	git remote set-url {PUSH_REMOTE} https://x-access-token:[email protected]/{PUSH_REPO}.git

low line 792

External URL reference

SourceSKILL.md

792	https://api.github.com/repos/{SOURCE_REPO}/pulls/{pr_number}/comments/{comment_id}/replies \

low line 799

External URL reference

SourceSKILL.md

799	https://api.github.com/repos/{SOURCE_REPO}/issues/{pr_number}/comments \

Scanned on Mar 8, 2026

View Security Dashboard

Install this skill with one command

/learn @protocolsage/gh-issues

GitHub Stars 1

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw api backend-developer devops-sre technical-pm product-manager qa-engineer github development product

ProtocolSage/openclaw