gh-issues — GitHub Issues Orchestrator

Trust Score 60/100

Fetch GitHub issues, spawn automated sub-agents to implement fixes and open PRs, and monitor PR review comments for follow-up fixes.

triggers:/gh-issuesfetch GitHub issuesspawn sub-agentsfix:

GitHub SKILL.md

What it does

A full orchestrator skill that fetches issues from a GitHub repo, performs pre-flight checks, and spawns focused sub-agents to implement fixes and open pull requests. It also monitors PRs for review comments and can spawn review-fix agents to address requested changes. The skill is designed for automated issue triage and fix workflows.

When to use it

Use this skill when you want to automatically process GitHub issues at scale: fetching filtered issues, launching code-fix agents for actionable items, and keeping PRs updated in response to reviewer feedback. It supports cron mode, watch mode, dry-run, and fork-based workflows.

What's included

Scripts: None bundled (has_scripts=false) — integration expects curl/git available in the environment
References: No extra references in the skill folder (has_references=false)
Instructions: Extensive phase-by-phase procedural guidance covering argument parsing, token resolution, fetching issues, confirmation flows, pre-flight checks, spawning parallel sub-agents, results collection, and PR review handling. Includes spawn prompts for sub-agents and detailed constraints.

Compatible agents

Best suited for OpenClaw/OpenAI-style orchestrators and LLM-driven automation platforms that can run shell commands (curl/git) and spawn sub-agents (sessions_spawn).

Audit Summary

GitHub Issues orchestrator skill that fetches issues, spawns sub-agents to implement fixes, and monitors PR review comments. Well-structured 6-phase workflow with detailed instructions for parallel sub-agent spawning, fork mode, and cron operation. No bundled scripts — all logic is in the SKILL.md prompt. Security concerns around embedded token handling patterns and shell injection risks in template variables.

Watch Out

Instructs agents to read GH_TOKEN from ~/.openclaw/openclaw.json and /data/.clawdbot/openclaw.json config files — potential secret exposure in sub-agent prompts
Template variables like {title}, {body} from GitHub issues are interpolated into shell commands without sanitization — shell injection risk
Uses x-access-token:$GH_TOKEN in git remote URLs — tokens can leak via process args
Sets credential.helper to empty string globally (git config --global) — affects all git operations on the host
No scripts to test — pure prompt-based skill

Notes

Comprehensive orchestration skill with good structure. Main security concern is shell injection via untrusted GitHub issue content interpolated into commands — the {body}, {title}, {labels} variables come from external API responses and are used in git commit messages, curl JSON payloads, and shell commands without escaping. The credential.helper global override is also concerning. Token handling patterns expose secrets to sub-agent context and process argument lists.

Information

Repository: agents-collection
Stars: 55
Installs: 0

Trust Score

Overall60

Security45

Code Quality78

Architecture72

Usefulness82

More from agents-collection

Claw Release

Release automation for Claw skills and website. Guides through version bumping, tagging, and release verification.

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

ds-fix — data-science mid-analysis fixer

Orchestrates diagnosis and targeted fixes mid-analysis: diagnose root cause, apply fixes with output-first verification, and update project learnings.

Readwise Reader Document Management

Manage Readwise Reader documents: list, save, search, move, tag, highlight, export and bulk-edit via official and custom CLIs.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Feishu Voice Sender

Convert MP3s and send them as native Feishu voice messages (playable voice clips) to users or groups.

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Back to Skills