← Back to Skills Marketplace
Prompt Request Pipeline
by
Shunsuke Hayashi
· GitHub ↗
· v1.0.0
536
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install prompt-request
Description
GitHub Issue → auto-implement → PR → review → auto-merge pipeline. Write an Issue with [auto] tag, and the pipeline handles everything: task analysis, implem...
Usage Guidance
This skill will automatically clone repositories, modify code, commit, push, create PRs, review, and merge — so before installing: 1) Recognize that the SKILL.md assumes GitHub CLI auth, SSH write access, and an OpenClaw webhook token/endpoint even though the skill metadata lists no required credentials — treat those as required and only grant minimal-scoped credentials (deploy key or fine-scoped PAT) on a test repo first. 2) The message template sets allowUnsafeExternalContent=true and delivers to an external channel (telegram); avoid exposing secrets in what the agent posts and restrict destination channels. 3) The instructions say 'MUST execute' — prefer adding a mandatory manual-approval step (or a staging repository) to prevent unintended writes. 4) Test thoroughly in a sandbox repository with limited access and CI protections enabled (branch protection rules, required reviews) before enabling on real repos. 5) Consider removing or auditing any references that let the agent read other skills/agent files if those repositories may contain secrets. If you want, provide the maintainer contact or a provenance/source URL — lack of a homepage/source reduces transparency and increases risk.
Capability Analysis
Type: OpenClaw Skill
Name: prompt-request
Version: 1.0.0
This skill bundle is highly suspicious due to multiple severe vulnerabilities that enable remote code execution (RCE) and data exfiltration. The `openclaw.json` configuration (referenced in `SKILL.md` and `examples/sample-hook-config.json`) explicitly sets `allowUnsafeExternalContent: true`, which significantly lowers security barriers. The `templates/messageTemplate.txt` contains direct `exec()` calls with interpolated user-controlled variables (e.g., `OMEGA_BRIDGE_PATH`, `{{issue.number}}`), creating shell injection and RCE risks. Furthermore, the agent is instructed to read and follow external markdown files (e.g., `AGENTS.md`, `SOUL.md`, `SKILL.md`) from the repository itself, and to 'implement each meaningful task' from the issue body, providing extensive prompt injection surfaces. The agent is also instructed to 'Run existing tests' and automatically merge PRs based on its own review, which can be bypassed by a malicious actor to introduce and merge harmful code.
Capability Assessment
Purpose & Capability
The skill claims to automate GitHub workflows and the runtime instructions do exactly that (clone, branch, edit, commit, push, create PR, review, merge). However the SKILL metadata declares no required credentials or config, while the doc explicitly requires GitHub CLI authentication, SSH write access, an OpenClaw hooks token/endpoint, and a webhook — this mismatch between declared requirements and actual needs is incoherent and materially important.
Instruction Scope
The SKILL.md instructs the agent to perform potentially destructive repository actions (clone repos, run tests, edit code, commit, push, create PRs, and auto-merge) and to read arbitrary files inside the repo (other agents' AGENTS.md, other skills' SKILL.md). It also contains forceful 'You MUST execute' wording that removes human-in-the-loop discretion. Those actions are within the stated purpose but grant broad write/read access to repository contents and could produce unintended changes if misconfigured.
Install Mechanism
No install spec or external binary downloads are included in the skill bundle (instruction-only). That minimizes supply-chain risk from the skill package itself.
Credentials
The runtime requires sensitive capabilities (GitHub CLI auth and SSH push rights, webhook secret for OpenClaw, access to a working directory where repos are cloned) but the skill metadata lists no required environment variables or primary credential. The messageTemplate also sets allowUnsafeExternalContent=true and sends output to an external channel (telegram). These implicit/undeclared requirements and permissive delivery settings increase risk and are disproportionate to what the package declares.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent platform privileges, but it instructs autonomous modification of external repositories (push/PR/merge) when invoked. Autonomous invocation combined with the above undeclared credential assumptions raises operational risk — consider restricting invocation scope and requiring manual approvals.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install prompt-request - After installation, invoke the skill by name or use
/prompt-request - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: GitHub Issue to auto-implement PR pipeline with early-exit optimization, progress comments, and auto-merge
Metadata
Frequently Asked Questions
What is Prompt Request Pipeline?
GitHub Issue → auto-implement → PR → review → auto-merge pipeline. Write an Issue with [auto] tag, and the pipeline handles everything: task analysis, implem... It is an AI Agent Skill for Claude Code / OpenClaw, with 536 downloads so far.
How do I install Prompt Request Pipeline?
Run "/install prompt-request" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Prompt Request Pipeline free?
Yes, Prompt Request Pipeline is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Prompt Request Pipeline support?
Prompt Request Pipeline is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Prompt Request Pipeline?
It is built and maintained by Shunsuke Hayashi (@shunsukehayashi); the current version is v1.0.0.
More Skills