← 返回 Skills 市场
linux2010

PR Advocacy

作者 Andy Tien · GitHub ↗ · v1.0.3
cross-platform ⚠ suspicious
452
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install pr-advocacy
功能描述
Monitor PR status every 4 hours, promptly address feedback and CI issues, communicate clearly within 24 hours, and drive reviews to timely merge.
安全使用建议
This skill will (per its instructions) run gh/git/npm commands, modify repository branches, and write a tracking file to a hard-coded home path — yet the registry metadata does not declare the required binaries, credentials, or config path. Before installing: 1) Verify you want an automated agent that can commit and push changes; prefer a bot account with limited repo scopes rather than your personal credentials. 2) Confirm GH CLI/git/npm availability and how authentication will be provided (GH_TOKEN or gh auth), and require the skill to declare those env vars. 3) Fix the hard-coded path: update it to a configurable, relative path or prompt for the correct location. 4) Consider disabling autonomous invocation or require explicit approval before any commit/push. 5) Test in a sandbox repository first. If the author cannot justify the undeclared dependencies and the hard-coded filesystem access, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill Name: pr-advocacy Version: 1.0.3 The skill is classified as suspicious due to its instructions for the AI agent to perform powerful actions that, while necessary for its stated purpose, introduce significant attack surfaces. Specifically, the `SKILL.md` instructs the agent to 'Commit changes to existing PR branch' and 'Maintain version history through git commits' for its tracking file, implying `git commit` and `git push` capabilities. It also provides `gh` shell command examples, indicating shell execution. These capabilities (modifying code in repositories, extensive file system interaction, and shell command execution) could be exploited via prompt injection or other vulnerabilities if the agent's input sanitization is not robust, even though the skill itself does not demonstrate explicit malicious intent like data exfiltration or backdoor installation.
能力评估
Purpose & Capability
The name/description (PR monitoring and advocacy) matches the instructions, but the skill metadata declares no required binaries, env vars, or config paths while the SKILL.md expects tools like gh, git, npm and write access to a user workspace. Declaring no dependencies/configs is inconsistent with the stated capabilities.
Instruction Scope
Instructions direct the agent to run gh and local commands, automatically create and commit fixes to PR branches, and persist a tracking file to a concrete path (/Users/hope/.openclaw/agents/coding/workspace/memory/pr-tracking-list.md). Those behaviors require repository write/push access and filesystem writes and go beyond simple monitoring — the skill can modify code and commit changes autonomously.
Install Mechanism
No install spec (instruction-only), which reduces installation risk. However, SKILL.md implicitly requires command-line tools (gh, git, npm) to be present and authenticated; those requirements are not declared in the registry metadata.
Credentials
The skill metadata lists no required credentials, yet runtime behavior requires authenticated GitHub/GH CLI access and permission to push commits. The SKILL.md also uses a hard-coded absolute path under /Users/hope which may not match the installer's environment and indicates implicit access to the user's workspace without being declared.
Persistence & Privilege
always:false (ok) but autonomous invocation is allowed (platform default). Combined with instructions to auto-commit changes, write persistent tracking files, and run hourly heartbeat flows, this creates a high-impact capability if the agent is allowed to run without explicit user confirmation.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pr-advocacy
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pr-advocacy 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Adds real-time synchronization of the PR tracking list file after any PR status change. - Introduces detailed guidelines for tracking list file management, atomic updates, error handling, and data recovery. - Updates memory tracking and automation sections to emphasize immediate tracking list updates for improved data integrity. - Expands success metrics to include tracking list accuracy and information loss prevention.
v1.0.2
- Heartbeat PR status monitoring frequency changed from every 4 hours to every 1 hour. - Expanded section on PR state-specific handling: separately details processes for OPEN, CLOSED/REJECTED, and MERGED PRs. - Added clear rules for automatic cleanup of closed/rejected PRs and enhanced tracking/memory guidance. - Introduced "Automatic Response Workflow" outlining step-by-step feedback processing and monitoring updates. - Minor wording, structure, and process clarifications throughout for better clarity and automation readiness.
v1.0.1
- Added automatic cleanup and archiving of closed/merged PRs from tracking lists. - Updated PR status monitoring to explicitly track and handle closed/merged states. - Improved automation integration to ensure obsolete PRs are promptly removed from summaries and memory. - Enhanced success metrics and best practices to include PR lifecycle management and tracking accuracy. - Minor clarifications and examples updated for better guidance on PR handling.
v1.0.0
Initial release of the PR Advocacy skill. - Monitors PR status, CI/CD checks, and reviewer feedback every 4 hours. - Ensures all reviewer comments are acknowledged and addressed within 24 hours. - Proactively resolves issues like CI failures, merge conflicts, and missing documentation. - Assesses PRs with clear health statuses (Green, Yellow, Red, Stale) and acts accordingly. - Integrates with automation systems for heartbeat monitoring and memory tracking. - Focuses on professional communication, technical quality, and prompt resolution of PR feedback.
元数据
Slug pr-advocacy
版本 1.0.3
许可证
累计安装 1
当前安装数 1
历史版本数 4
常见问题

PR Advocacy 是什么?

Monitor PR status every 4 hours, promptly address feedback and CI issues, communicate clearly within 24 hours, and drive reviews to timely merge. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 452 次。

如何安装 PR Advocacy?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pr-advocacy」即可一键安装,无需额外配置。

PR Advocacy 是免费的吗?

是的,PR Advocacy 完全免费(开源免费),可自由下载、安装和使用。

PR Advocacy 支持哪些平台?

PR Advocacy 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 PR Advocacy?

由 Andy Tien(@linux2010)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论