← Back to Skills Marketplace
danie1lin

gh-modify-pr

by Daniel Lin · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
470
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install gh-modify-pr
Description
Modify code based on GitHub PR review comments and create a local commit using gh + git. Use when the user asks to "follow PR comments", "fix review comments...
README (SKILL.md)

gh-modify-pr

Use this workflow for PR-comment-driven changes.

Inputs

  • PR URL (preferred), e.g. https://github.com/owner/repo/pull/123
  • Optional scope from user (e.g. only one comment, all unresolved comments)

Workflow

  1. Parse owner/repo and PR number from URL.
  2. Inspect PR summary:
    • gh pr view \x3Curl> --json number,title,headRefName,baseRefName,files,reviews,reviewDecision
  3. Fetch inline review comments:
    • gh api repos/\x3Cowner>/\x3Crepo>/pulls/\x3Cnumber>/comments
  4. Extract actionable items from comment bodies.
  5. Ensure local repo exists in workspace:
  6. Checkout PR branch in local repo:
    • gh pr checkout \x3Cnumber>
  7. Open affected files and implement requested changes exactly.
  8. Validate changed files quickly (lint/test only if needed or requested).
  9. Commit:
    • git add \x3Cfiles>
    • git commit -m "\x3Cclear message>"
  10. Report back with:
  • What changed
  • Commit hash
  • Branch name
  1. Push only if user asks/approves:
  • git push

Rules

  • Prefer minimal diffs that address reviewer intent directly.
  • Do not silently alter unrelated code.
  • If a comment is ambiguous, ask one focused clarification question.
  • If no local repo exists, clone first instead of failing.
  • Include failed attempts in the final operation log when user asks for traceability.

Handy commands

# PR meta
gh pr view \x3Curl> --json number,title,headRefName,baseRefName,files,reviews,reviewDecision

# Inline review comments
gh api repos/\x3Cowner>/\x3Crepo>/pulls/\x3Cnumber>/comments

# Checkout PR branch (inside repo)
gh pr checkout \x3Cnumber>

# Status and commit
git status --short
git add \x3Cfiles>
git commit -m "chore: address PR review comments"

Output template

  • PR: \x3Curl>
  • Addressed comments: \x3Cn>
  • Changed files:
    • \x3Cpath>: \x3Csummary>
  • Commit: \x3Chash>
  • Branch: \x3Cbranch>
  • Pushed: yes/no
Usage Guidance
This skill appears to do what it says: it will use the GitHub CLI and git to clone (if needed), check out the PR branch, modify files, and create a local commit. Before installing/using: ensure you trust the agent to modify code in the workspace, keep backups or run in a disposable clone, and verify changes before allowing any push. Note the skill will use your existing GitHub/Git auth (SSH keys or gh login/GH_TOKEN) even though no env vars are declared — confirm those credentials are appropriate for the repo you allow it to access. If you want stricter control, run the workflow in an isolated environment or provide a read-only clone and manually review commits before pushing.
Capability Analysis
Type: OpenClaw Skill Name: gh-modify-pr Version: 1.0.1 The skill is suspicious due to potential Remote Code Execution (RCE) vulnerabilities. Specifically, the instruction to `git clone [email protected]:<owner>/<repo>.git` derives the repository URL from user input (PR URL). If a malicious user provides a crafted PR URL pointing to a repository with malicious Git hooks (e.g., `post-checkout`), arbitrary code could be executed on the agent's system. Additionally, the instruction to 'Validate changed files quickly (lint/test only if needed or requested)' could lead to arbitrary command execution if the agent is prompted to run user-controlled lint/test commands. These are significant vulnerabilities, though not indicative of intentional malice by the skill developer.
Capability Assessment
Purpose & Capability
Name/description ask for making PR-driven edits; required binaries are gh and git which are exactly what's needed to view PRs, fetch comments, checkout branches, and commit — coherent with the stated purpose.
Instruction Scope
Instructions operate on the local repo and GitHub via gh (view PR, fetch comments, checkout, commit). They do not request unrelated files or external endpoints. NOTE: the workflow will edit files in the agent workspace and commit them locally — this is expected for the task but is an action that will modify user files.
Install Mechanism
Instruction-only skill with no install steps or downloads. Lowest-risk install profile.
Credentials
Requires no declared env vars, which is reasonable, but implicitly depends on local Git/GitHub authentication (SSH keys for [email protected] clone and/or gh authentication or GH_TOKEN). Those credentials live in the environment/tooling but are not explicitly declared — not necessarily malicious, but users should be aware the skill will use existing git/gh auth to access repos.
Persistence & Privilege
always:false (not force-included). The skill will modify local files and can push only with user approval per its rules; it does not request persistent/system-wide privileges or attempt to change other skills' settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gh-modify-pr
  3. After installation, invoke the skill by name or use /gh-modify-pr
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Declare runtime requirements in metadata (gh, git).
v1.0.0
Initial release
Metadata
Slug gh-modify-pr
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is gh-modify-pr?

Modify code based on GitHub PR review comments and create a local commit using gh + git. Use when the user asks to "follow PR comments", "fix review comments... It is an AI Agent Skill for Claude Code / OpenClaw, with 470 downloads so far.

How do I install gh-modify-pr?

Run "/install gh-modify-pr" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is gh-modify-pr free?

Yes, gh-modify-pr is completely free (open-source). You can download, install and use it at no cost.

Which platforms does gh-modify-pr support?

gh-modify-pr is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created gh-modify-pr?

It is built and maintained by Daniel Lin (@danie1lin); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments