← 返回 Skills 市场

GitHub PR Automation Pro

Name: GitHub PR Automation Pro
Author: dagangtj

作者 dagangtj · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

234

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-pr-automation-pro

功能描述

Automate GitHub pull request workflows including creation, review, merging, and monitoring. Handles PR templates, auto-labeling, CI/CD integration, and revie...

使用说明 (SKILL.md)

GitHub PR Automation

Streamline GitHub pull request workflows with intelligent automation for creation, review, and merging.

Features

Automated PR creation with templates
Smart labeling and assignment
CI/CD status monitoring
Auto-review and approval workflows
Conditional auto-merge
Batch PR operations
PR analytics and reporting

Quick Start

Create PR with Template

node scripts/create_pr.js --branch feature/new-api --title "Add new API endpoint" --template feature

Monitor PR Status

node scripts/monitor_pr.js --pr 123

Returns CI status, review status, and merge readiness.

Auto-merge Ready PRs

node scripts/auto_merge.js --repo owner/repo --conditions "ci_passed,reviews_approved"

Batch Review PRs

node scripts/batch_review.js --repo owner/repo --label "ready-for-review" --action approve

Configuration

PR automation rules are defined in references/automation_rules.json:

{
  "auto_label": {
    "bug": ["fix", "bugfix"],
    "feature": ["feat", "feature"],
    "docs": ["docs", "documentation"]
  },
  "auto_merge": {
    "enabled": true,
    "conditions": ["ci_passed", "reviews_approved", "no_conflicts"]
  },
  "reviewers": {
    "backend": ["@backend-team"],
    "frontend": ["@frontend-team"]
  }
}

PR Templates

Store templates in references/pr_templates/:

feature.md - Feature PRs
bugfix.md - Bug fixes
hotfix.md - Urgent fixes
docs.md - Documentation updates

GitHub CLI Integration

This skill uses gh CLI for GitHub operations. Ensure it's installed and authenticated:

gh auth status

Pricing

Free: Basic PR automation, 1 repository, manual triggers
Pro ($14.99/month): Unlimited repos, auto-triggers, advanced rules
Team ($49.99/month): Multi-team support, custom workflows, analytics

安全使用建议

This package is internally inconsistent and has unsafe command construction. Before installing or running it: 1) Do not run these scripts with untrusted inputs; they build shell commands via string concatenation (execSync) and can be exploited if titles/branches/labels/templates contain malicious characters. 2) Review the missing features: SKILL.md references auto_merge.js and batch_review.js which are not included — the advertised capabilities are not implemented. 3) If you want to use it, run it in an isolated environment or container and inspect/modify scripts to avoid execSync with interpolated strings (use child_process.spawn or execFile with argument arrays, or call GitHub via Octokit REST APIs). 4) Confirm what GitHub account 'gh' is authenticated to and its permissions; the scripts will act with that account's privileges. 5) Prefer vetted alternatives (official GitHub Actions, GitHub Apps, or libraries like Octokit) if you need robust auto-merge/approval automation. If you want, provide the missing scripts or an updated implementation and I can re-evaluate.

功能分析

Type: OpenClaw Skill Name: github-pr-automation-pro Version: 1.0.0 The skill bundle contains critical command injection vulnerabilities in scripts/create_pr.js and scripts/monitor_pr.js, where unsanitized user input (such as PR titles, bodies, and numbers) is passed directly into shell commands via execSync. While these flaws allow for arbitrary code execution, there is no evidence of intentional malice or exfiltration logic. Additionally, the documentation in SKILL.md references scripts (auto_merge.js and batch_review.js) that are missing from the provided bundle.

能力评估

⚠ Purpose & Capability

The README/description advertises auto-merge, auto-review, batch operations, analytics, and paid tiers, but the bundle only contains two scripts (create_pr.js and monitor_pr.js) and static templates/rules. SKILL.md references additional scripts (auto_merge.js, batch_review.js) that are not present. The claimed feature set is broader than the provided implementation.

⚠ Instruction Scope

Runtime instructions and the included scripts invoke the system 'gh' CLI and Git commands. The scripts construct shell commands by interpolating user-supplied values (title, branch, labels) and template contents into a single command string passed to child_process.execSync, which can lead to shell/command-injection if inputs contain special characters. The SKILL.md also instructs using non-existent scripts, which gives the agent broad discretion to try to run things that don't exist.

✓ Install Mechanism

There is no install spec (instruction-only with shipped scripts). That reduces supply-chain risk from downloads. The skill does require the external 'gh' CLI to be present, which is expected for a GitHub integration.

ℹ Credentials

The skill declares no required environment variables or credentials, which aligns with using the locally-authenticated 'gh' CLI. However, it will act using whatever GitHub authentication the 'gh' CLI has on the host (personal or machine tokens stored by gh), so it uses existing credentials implicitly — users should be aware it will operate with whatever permissions gh is configured with.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and has no install steps. It does not request persistent system-level privileges in its metadata.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-pr-automation-pro
安装完成后，直接呼叫该 Skill 的名称或使用 /github-pr-automation-pro 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Automated PR creation, monitoring, and merging workflows

元数据

Slug github-pr-automation-pro

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题