← Back to Skills Marketplace
595
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pr-triage
Description
Triage open PRs by detecting duplicates, assessing quality, and generating prioritized reports. Use when a repo has too many PRs to review manually, needs du...
Usage Guidance
This skill appears to do PR triage using the GitHub CLI, but the package metadata omits gh as a required binary and declares no credentials. Before installing or running it: 1) Verify you have the gh CLI installed and test gh auth behavior on the host (how does gh authenticate if GH_TOKEN/GITHUB_TOKEN are unset?). 2) Review and run the included scripts in read-only mode (no --action) first to confirm they only read PR metadata. 3) Be cautious about providing or relying on host-stored gh auth: if you run with --action the script can comment or edit PRs using whatever gh credentials are available. 4) Prefer running the tool with a dedicated machine/service account or in a sandboxed environment, and request the maintainer to update the registry metadata to declare the gh dependency and clearly document expected auth behavior (explain why GH_TOKEN/GITHUB_TOKEN are unset).
Capability Analysis
Type: OpenClaw Skill
Name: pr-triage
Version: 1.0.0
The OpenClaw AgentSkills bundle is classified as benign. Both the `SKILL.md` instructions and the `scripts/triage.py` code are clearly aligned with the stated purpose of triaging GitHub Pull Requests. A strong positive security indicator is the explicit instruction and implementation in `scripts/triage.py` to unset `GH_TOKEN` and `GITHUB_TOKEN` environment variables before executing `gh` commands, preventing accidental use of highly privileged tokens. The skill's boundaries are well-defined, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
The skill's name, description, SKILL.md, and script all aim to triage PRs via the GitHub CLI (gh). However, the registry metadata declares no required binaries or credentials even though the agent and included script clearly depend on the gh CLI and on GitHub authentication. This mismatch is unexpected and should be clarified.
Instruction Scope
Instructions and the script run gh CLI commands to list PRs and (optionally) comment/edit PRs. They also instruct ALWAYS to run gh commands with env -u GH_TOKEN -u GITHUB_TOKEN (and the script does the same). That pattern is unusual: it explicitly unsets common GitHub token env vars which may cause gh to fall back to other auth methods (e.g., interactive or stored gh auth) or to fail. The skill will perform write actions if invoked with an --action flag, which is allowed by the script; the SKILL.md says it won't comment without --action, but the ability to perform comments/edits is present and requires GitHub credentials that are not declared.
Install Mechanism
No install spec (instruction-only with an included script). Nothing is downloaded from arbitrary URLs and no third-party packages are installed by the skill itself. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, but both SKILL.md and the script manipulate GH_TOKEN and GITHUB_TOKEN by unsetting them before invoking gh. The skill implicitly requires the gh CLI and some form of GitHub authentication (either env token or gh's stored auth). Not declaring these makes the credential requirements and behaviors unclear. The unset pattern could cause the skill to use host-stored credentials unexpectedly when taking write actions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not attempt to persist credentials. Autonomous invocation is enabled but that's the platform default; combined with the ability to perform PR comments/edits this increases blast radius only if the user allows --action or the agent is invoked autonomously to perform actions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pr-triage - After installation, invoke the skill by name or use
/pr-triage - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of pr-triage skill.
- Automatically analyzes open PRs to detect duplicates, assess PR quality, and generate prioritized triage reports.
- Supports duplicate detection via file overlap, keyword similarity, and issue references.
- Assigns objective quality grades to PRs and highlights those ready to merge or needing review.
- Provides markdown reports with summaries, duplicate groups, stale PRs, and merge recommendations.
- Offers command-line flags for repo targeting, PR recency, result filtering, and report output.
Metadata
Frequently Asked Questions
What is Pr Triage?
Triage open PRs by detecting duplicates, assessing quality, and generating prioritized reports. Use when a repo has too many PRs to review manually, needs du... It is an AI Agent Skill for Claude Code / OpenClaw, with 595 downloads so far.
How do I install Pr Triage?
Run "/install pr-triage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pr Triage free?
Yes, Pr Triage is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pr Triage support?
Pr Triage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pr Triage?
It is built and maintained by zerone0x (@zerone0x); the current version is v1.0.0.
More Skills