Fetch GitHub issues, create fixes, open PRs, and handle reviews.
The material appears to be an open-source prompt/workflow description rather than a bundled executable; it declares no standalone secrets or third-party endpoints, and the source has very strong community adoption. If a host agent actually follows the workflow, it may involve GitHub authentication, local repo access, gh/git usage, and creating branches/PRs, but those are operational considerations rather than high-risk red flags in the artifact itself.
No separate new secret is declared, but the README explicitly relies on existing GitHub auth: it prefers GH_TOKEN and may also read gh-issues.apiKey from local openclaw config. The credential is sensitive, but this is a normal authentication dependency for GitHub automation, and there is no clear red flag of exfiltrating it to unrelated endpoints.
Although the metadata says 'no remote endpoint,' the documented workflow would access GitHub repos, issues, PRs, and branch data through gh/gh api and may poll reviews. The egress target is consistent with the stated functionality and appears limited to GitHub, with no evidence of unrelated third-party destinations.
The README describes invoking local commands such as gh, git, and jq, and mentions 'spawn background fix agents' and opening PRs. If enacted by a host agent, that implies local command execution and automated development actions. However, this artifact is classified as prompt-only, with no bundled executable code or installer, and there is no clear red flag of permissions beyond its stated purpose.
If followed, the workflow would read local git remote/worktree state and possibly $HOME/.openclaw/openclaw.json and state files, and write a claim file in the state directory; it may also act on repository contents for issue-to-PR automation. These accesses are broadly consistent with the stated function, with no sign of system-wide broad file access or clearly excessive permissions.
The source is an open GitHub repository with extremely high stated community adoption (about 377k stars), which strongly improves auditability and source trust. The license and current maintenance status are not clear from the material, which is an information gap, but not enough on its own to justify a high-risk rating.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "gh-issues" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/skills/gh-issues/SKILL.md 2. Save it as ~/.claude/skills/gh-issues/SKILL.md 3. Reload skills and tell me it's ready
Fetch GitHub issues opened in this repository during the last two weeks, select 5 issues suitable for quick fixes, start background fix agents for each, and automatically open PRs when done.
A list of selected issues, status of each fix task, and links to the created PRs.
Fetch open issues labeled bug and high-priority in the repository, rank them by fix value, choose the top 3 worth addressing, and create a fix PR for each.
A ranked issue list, reasons for selection, and the corresponding fix PRs.
Review the GitHub review comments on this auto-generated PR, summarize required changes, update the code, push a new commit, and reply to resolved comments.
A summary of review comments, implemented changes, and the updated PR status.
Use for issue-to-PR automation. Prefer gh CLI; fall back to gh api only when a high-level command lacks the needed field.
owner/repo: optional; else infer from git remote get-url origin.--label <label>: filter.--limit <n>: default 10.--milestone <title>: filter.--assignee <login|@me>: filter.--state open|closed|all: default open.--fork <owner/repo>: push branches to fork, PR to source.--watch: poll issues + reviews.--interval <minutes>: default 5.--dry-run: list only.--yes: no confirmation.--reviews-only: skip issue fixing; handle PR reviews.--cron: spawn and exit; implies --yes.--model <id>: pass to workers when supported.--notify-channel <id>: optional final notification target.git remote get-url origin
if [ -z "${GH_TOKEN:-}" ]; then
CONFIG_PATH="${OPENCLAW_CONFIG_PATH:-${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/openclaw.json}"
GH_TOKEN=$(jq -r '.skills.entries["gh-issues"].apiKey // empty' "$CONFIG_PATH" 2>/dev/null || true)
if [ -n "$GH_TOKEN" ]; then export GH_TOKEN; fi
fi
gh auth status
gh repo view OWNER/REPO --json nameWithOwner,defaultBranchRef
If gh auth status fails and GH_TOKEN is missing, stop and ask for GitHub auth/config.
Derived:
SOURCE_REPO: issue repo.PUSH_REPO: fork if set, else source.BASE_BRANCH: source default branch unless user says otherwise.PUSH_REMOTE: fork in fork mode, else origin.Stop on dirty worktree unless user confirms that workers should ignore uncommitted changes.
In fork mode, do not mutate remotes before confirmation or during --dry-run.
Verify auth/read access only:
gh auth token >/dev/null || test -n "${GH_TOKEN:-}"
gh repo view "$PUSH_REPO" --json nameWithOwner
git ls-remote --exit-code origin HEAD
Build filters and fetch:
gh issue list --repo "$SOURCE_REPO" --state open --limit 10 --json number,title,labels,url,body,assignees,milestone
Add --label, --milestone, --assignee, --state, --limit as requested. gh issue list already excludes PRs.
If none found: report no matches. If --dry-run: show compact list and stop.
For each candidate:
gh pr list --repo "$SOURCE_REPO" --search "$SOURCE_REPO#<n>" --state open --json number,url,title,headRefName
gh pr list --repo "$SOURCE_REPO" --head "fix/issue-<n>" --state open --json number,url
gh api "repos/$PUSH_REPO/branches/fix/issue-<n>" >/dev/null
Skip candidates with an open PR, existing branch, or active local claim.
Claim file:
${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/gh-issues-<owner>-<repo>.json
Expire claims older than 2 hours. Create the parent directory before writing.
Unless --yes or --cron, ask user to choose:
allcancelAfter confirmation, in fork mode, configure the push remote before handing work to agents:
gh auth setup-git
git remote get-url fork || git remote add fork "https://github.com/$PUSH_REPO.git"
git remote set-url fork "https://github.com/$PUSH_REPO.git"
git ls-remote --exit-code fork HEAD
Launch up to 8 background workers. Do not block on each worker when --cron.
Before each spawn, write a claim for SOURCE_REPO#<n> with the current ISO timestamp. After a worker reports PR/failure, remove or update the claim. This prevents watch/cron overlap before a branch or PR exists.
Worker prompt must include:
SOURCE_REPO, PUSH_REPO, BASE_BRANCH, PUSH_REMOTE, fork mode.fix/issue-<n>.Worker instructions:
Use gh and git. Do not handwave.
Checkout/create fix/issue-<n> from BASE_BRANCH.
Implement minimal fix.
Run relevant tests.
Commit with conventional message.
…
Convert text to speech locally and offline with sherpa-onnx, no cloud needed.
Regenerate OpenClaw release changelog sections from Git history before releases.
Prepare and verify OpenClaw stable or beta releases and release notes.
Automate web page workflows, login checks, tab handling, and recovery steps.
Manage issues, PRs, logs, releases, and repos with GitHub CLI.
Verify an OpenClaw release is fully published and working across all channels.
Search GitHub issues and PRs assigned to you or matching queries.
Review GitHub pull requests in ChatGPT with comments, approvals, and change requests.
Address review and issue comments on the current branch's GitHub PR with gh CLI.
Search and analyze GitHub archive issues, PRs, and repo workflow status.
Connect AI to GitHub to manage repos, issues, PRs, and workflows.
Analyze GitHub pull requests and generate detailed review reports in Notion.