← Back to Skills Marketplace
iamkalio

GitHub Chat Assistant (Whatsapp)

by iamkalio · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
906
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-chat-ops
Description
Manage a single GitHub repository via chat for non-technical requesters—after they share the repo URL and a temporary personal token, pull status, summarize who did what and when, and create/follow up on issues directly through the GitHub API.
README (SKILL.md)

Overview

Use this skill whenever a non-technical person (often over WhatsApp) needs lightweight GitHub help without cloning or forking a repo. Typical asks:

  • "Tell me what changed recently and who did it."
  • "Create an issue describing X."
  • "Follow up on existing issues or PRs." The workflow relies entirely on the GitHub REST API using a personal access token (PAT) the requester provides during the chat.

1. Gather prerequisites every session

  1. Repo identifier – ask for full URL or owner/name.
  2. PAT – confirm it has repo scope (private repos) or public_repo (public). Remind them to generate a short-lived token and send it in the chat; you’ll discard it afterward.
  3. Task brief – what they need (issue, summary, follow-up) plus timeframe (e.g., "last 7 days").

Always restate the inputs back to them before acting. If anything is missing, pause and ask.

2. Handle tokens safely

  • Paste the token into a temporary shell variable in the current session only: 
    export GITHUB_TOKEN="\x3Ctoken-from-chat>"
  • Never save tokens to disk or log files. When finished, run unset GITHUB_TOKEN.
  • Every API call must set Authorization: Bearer $GITHUB_TOKEN and Accept: application/vnd.github+json.

3. Fetch repo context before acting

  1. Health check: GET /repos/{owner}/{repo} – confirms access and surfaces default branch.
  2. Recent commits (for summaries / who-did-what):
    • GET /repos/{owner}/{repo}/commits?since=\x3CISO8601>&until=\x3CISO8601>
    • For per-author breakdown, add author=\x3Cusername> or group results locally.
  3. Issues & PRs: GET /repos/{owner}/{repo}/issues?state=all&since=\x3CISO8601>.
    • Distinguish PRs via pull_request key.

Record the raw JSON responses (e.g., save to /tmp/commits.json) if you need to run jq filters before summarizing.

4. Deep repo inspection without cloning

When you need file-level context (to quote code in an issue or explain why a commit matters), walk the tree via the REST API:

  1. List directories/files: GET /repos/{owner}/{repo}/contents/\x3Cpath>?ref=\x3Cbranch> returns metadata plus download URLs.
  2. Fetch raw blobs: reuse the download_url or call GET /repos/{owner}/{repo}/contents/\x3Cpath> with header Accept: application/vnd.github.raw.
  3. Large trees: GET /repos/{owner}/{repo}/git/trees/\x3Csha>?recursive=1 to grab the whole structure, then request the files you care about.
  4. Cache what you read per session (e.g., store under /tmp/github-chat-ops/\x3Crepo>/...) so subsequent lookups avoid extra API calls. Always mention the file + path + relevant snippet when writing summaries or issues.

5. Summaries for non-technical readers (with real changes)

Translate activity into plain language:

  • Group commits by contributor, then describe what actually changed (features/tests/configs) rather than just commit titles.
  • For each commit, hit GET /repos/{owner}/{repo}/commits/{sha} to see files[] (filenames, additions/removals, patch).
  • Extract the top 1–2 bullets per contributor: e.g., "Updated quiz_generator.py to support context prompts and added 3 YAML fixtures."
  • Mention timestamps in the user’s timezone (Africa/Lagos unless told otherwise).
  • Highlight status (merged, open, blocked) and outstanding follow-ups. Keep summaries short, bullet-style, and avoid jargon.

6. Creating or updating issues

  1. Clarify the problem, expected outcome, priority, and owners while chatting.
  2. Draft the issue body locally in Markdown (include background, repro steps, acceptance criteria).
  3. Create the issue via POST /repos/{owner}/{repo}/issues with JSON payload: 
    {
  "title": "...",
  "body": "...",
  "assignees": ["username"],
  "labels": ["priority:high"]
}
  4. Echo the created issue URL back to the user and summarize what was filed.

For follow-ups, use PATCH /repos/{owner}/{repo}/issues/{number} to update state or assignees, and POST /repos/{owner}/{repo}/issues/{number}/comments for status notes.

7. Conversation pattern (WhatsApp-ready)

  1. Confirm: "I’ll need the repo URL + a temporary token with repo scope—can you share those now?"
  2. After each action, report in natural language first, then share links/details.
  3. Keep tokens out of summaries. If the user sends screenshots or sensitive info, acknowledge and avoid re-sharing it elsewhere.

8. Daily automation & cron jobs

  • Store long-lived secrets outside the skill (e.g., .env.github-chat-ops with GITHUB_CHAT_OPS_TOKEN, repo, timezone).
  • Build reusable scripts under scripts/ (see scripts/github_chat_ops_daily.py) that load env vars, call the same APIs, and print a ready-to-send summary.
  • When scheduling via cron, run the script from the workspace root, capture stdout verbatim for the message, and surface errors if the script exits non-zero.
  • Let end users customize repo/timezone by editing the env file; document that in the skill release notes so downstream consumers know where to look.

9. References

Use references/github-api-cheatsheet.md for ready-made curl templates covering the endpoints above plus pagination tips.

Usage Guidance
This skill appears to do what it says (use a GitHub PAT to call repository endpoints), but there are inconsistencies and risky recommendations you should consider before using it: - Avoid sending long-lived or overly-permissive tokens in chat. Prefer short-lived or least-privilege PATs (only the repo access you need) or, better, GitHub Apps with scoped permissions where possible. - The SKILL.md says both 'never save tokens to disk' and also suggests storing a `.env.github-chat-ops` file for cron automation — those conflict. If you follow the automation guidance, be aware that storing tokens in files or cron jobs creates persistent credentials that can be leaked. - The cheat sheet includes a command to delete shell history (`history -d $((HISTCMD-1))`). That touches local shell state and can be used to hide activity; consider whether you trust the operator and avoid executing history-manipulation commands unless you understand them. - The 'whole-tree snapshot' example references `git rev-parse HEAD`, which only works in a cloned repo — it's inconsistent with the 'no clone' approach. If you need a tree SHA, derive it from the repository metadata (default branch commit) via the API instead. - Because this is instruction-only, installing the skill doesn't itself create persistence or exfiltrate data. The real risk comes from following its automation suggestions or pasting tokens into chat. If you use the skill, require ephemeral tokens, confirm you control their revocation, and manually revoke the PAT after the session. If you are uncomfortable sharing tokens in chat, decline to use this skill or require an alternative integration (GitHub App or a workflow that doesn't require sharing credentials directly). If you proceed, follow the principle of least privilege, keep tokens short-lived, and avoid storing them in plaintext files or cron jobs.
Capability Analysis
Type: OpenClaw Skill Name: github-chat-ops Version: 1.0.0 The skill is classified as suspicious primarily due to instructions in `SKILL.md` (Section 8) for the AI agent to set up a `cron` job for 'Daily automation'. While the stated intent is for legitimate automation of the skill's function using local scripts and environment variables, creating cron jobs is a high-risk persistence mechanism. This capability, even if intended for benign purposes, elevates the risk profile beyond a simple interactive skill. However, the skill also includes strong security instructions for handling sensitive data, such as using temporary shell variables for GitHub tokens, explicitly unsetting them, and avoiding saving them to disk or logs, which mitigates against clear malicious intent like data exfiltration or backdooring.
Capability Assessment
Purpose & Capability
The name/description (chat-driven GitHub repo management) aligns with the instructions: it uses the GitHub REST API and requires a Personal Access Token (PAT) supplied by the requester. There are no unrelated credential or binary requirements in the manifest. However, the SKILL.md also contains guidance for persistent automation (env files, scripts, cron) which goes beyond the real-time chat use-case described and is optional but notable.
Instruction Scope
Instructions are largely focused on GitHub API calls (appropriate), but there are several problematic or inconsistent pieces: (1) the doc says 'Never save tokens to disk' yet later recommends storing long‑lived secrets in a `.env.github-chat-ops` file for daily automation — contradictory and risky; (2) it recommends removing shell history with `history -d $((HISTCMD-1))`, which touches local shell state and could be abused or misleading for non-technical users; (3) the cheatsheet shows a whole-tree snapshot example that uses `$(git rev-parse HEAD)` — this requires a local git repo and contradicts the 'no clone' approach, so it's inaccurate; (4) it recommends caching under /tmp for sessions and also suggests persistent env files — mixing ephemeral and persistent storage without clear guidance.
Install Mechanism
There is no install spec and no code files — this is instruction-only, which minimizes supply-chain risk. Nothing will be automatically downloaded or written to disk by the skill itself.
Credentials
The skill does not declare required env vars in the manifest and instead asks users (during chat) to paste a PAT with the appropriate repo scope. Requesting a PAT is proportionate to the described functionality. The guidance to create and store a long‑lived `GITHUB_CHAT_OPS_TOKEN` for cron runs increases the sensitivity and persistence of credentials beyond the core live-chat use; that extra guidance is not justified by the immediate chat use-case and is a potential risk if followed.
Persistence & Privilege
The skill does not request permanent platform presence (always: false) and has no installable code that would run autonomously. However, the documentation explicitly encourages creating scripts, env files, and cron jobs outside the skill — this would create persistence in the user's environment if they follow it. That persistence is not enforced by the skill manifest but is recommended in the instructions, so it increases the operational risk if implemented by a user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-chat-ops
  3. After installation, invoke the skill by name or use /github-chat-ops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of github-chat-ops skill to manage a single GitHub repository via chat for non-technical users. - Enables real-time status checks, commit summaries, and issue/PR management using only a repo URL and a temporary personal access token. - Strong focus on session-based token handling and security—no tokens persisted beyond session. - Summarizes repo activity in plain language with bullet points tailored for WhatsApp-style communication. - Deep repo inspection without cloning, with guidance on safely viewing file content and repository structure via the GitHub API. - Includes support for daily automation scripts using environment variables and cron jobs, with clear documentation for non-technical end users.
Metadata
Slug github-chat-ops
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Chat Assistant (Whatsapp)?

Manage a single GitHub repository via chat for non-technical requesters—after they share the repo URL and a temporary personal token, pull status, summarize who did what and when, and create/follow up on issues directly through the GitHub API. It is an AI Agent Skill for Claude Code / OpenClaw, with 906 downloads so far.

How do I install GitHub Chat Assistant (Whatsapp)?

Run "/install github-chat-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Chat Assistant (Whatsapp) free?

Yes, GitHub Chat Assistant (Whatsapp) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Chat Assistant (Whatsapp) support?

GitHub Chat Assistant (Whatsapp) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Chat Assistant (Whatsapp)?

It is built and maintained by iamkalio (@iamkalio); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments