← Back to Skills Marketplace
tag-assistant

Merge Check

by Tag · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
718
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install merge-check
Description
Analyze a GitHub pull request for mergeability — predict whether it will get merged based on technical, architectural, process, social, and compliance factor...
Usage Guidance
This skill appears to do what it says (gather PR data and produce a mergeability report), but it omits key operational details. Before running/installing: 1) Inspect the script yourself (it is included) to confirm you're comfortable with gh API calls. 2) Ensure you have gh and jq installed; the skill should have declared those as required. 3) Be aware the script will use your GitHub CLI authentication (your gh auth or GH_TOKEN) to read repository and PR data — run it only with an account/token that has appropriate (least-privilege) access. 4) If you want tighter safety, run the script in an isolated environment or with a read-only token; ask the publisher to update metadata to list required binaries and explicit credential guidance.
Capability Analysis
Type: OpenClaw Skill Name: merge-check Version: 1.0.0 The skill is classified as suspicious due to its reliance on executing a shell script (`scripts/merge-check.sh`) that performs extensive network calls to the GitHub API using the `gh` CLI. While the script's purpose is aligned with gathering data for PR analysis and shows no explicit malicious intent (e.g., data exfiltration, persistence, or arbitrary code execution), the use of `gh api` implies interaction with an external service and relies on the `gh` CLI's authentication token, which may possess broad permissions. This represents a powerful capability and potential attack surface if the underlying token is over-privileged or the script were to be modified, aligning with the 'risky capabilities without clear malicious intent' threshold.
Capability Assessment
Purpose & Capability
The skill claims to analyze GitHub PRs and includes a shell script that uses the GitHub CLI (gh) and jq to call GitHub APIs and assemble PR data. That capability is appropriate for the described purpose, but the skill metadata declares no required binaries or credentials even though the script clearly depends on gh and jq and on an authenticated gh configuration (or GH_TOKEN). The omission is a mismatch between claimed requirements and actual needs.
Instruction Scope
SKILL.md and the included script limit runtime actions to calling the GitHub API (via gh) and local processing with jq/bash, gathering PR metadata, files, checks, reviews, comments, commits, and repository files like CODEOWNERS/CONTRIBUTING. The instructions do not request or transmit data to external endpoints beyond GitHub and do not attempt to read unrelated system files.
Install Mechanism
This is instruction-only (no install spec), so nothing is written to disk by an installer. However, the script depends on external binaries (gh and jq) that are not declared in the registry metadata. That omission can cause surprising failures or implicit trust in the local gh installation.
Credentials
The skill declares no required environment variables or primary credential, yet the script implicitly requires GitHub authentication via the gh CLI (which typically relies on stored credentials or GH_TOKEN). The metadata should explicitly declare this dependence and the minimal scopes needed; as-is the skill may run with the user's existing GitHub credentials without making that clear.
Persistence & Privilege
The skill does not request always:true, does not attempt to persist or modify other skills or system settings, and only prints JSON to stdout. There is no evidence it attempts to install persistent agents or change global configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install merge-check
  3. After installation, invoke the skill by name or use /merge-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Metadata
Slug merge-check
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Merge Check?

Analyze a GitHub pull request for mergeability — predict whether it will get merged based on technical, architectural, process, social, and compliance factor... It is an AI Agent Skill for Claude Code / OpenClaw, with 718 downloads so far.

How do I install Merge Check?

Run "/install merge-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Merge Check free?

Yes, Merge Check is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Merge Check support?

Merge Check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Merge Check?

It is built and maintained by Tag (@tag-assistant); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments