Total downloads: 595
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install pr-triage
Description
Triage open PRs by detecting duplicates, assessing quality, and generating prioritized reports. Use when a repo has too many PRs to review manually, needs du...
Security usage recommendations
This skill appears to do PR triage using the GitHub CLI, but the package metadata omits gh as a required binary and declares no credentials. Before installing or running it:
1) Verify you have the gh CLI installed and test gh auth behavior on the host (how does gh authenticate if GH_TOKEN/GITHUB_TOKEN are unset?).
2) Review and run the included scripts in read-only mode (no --action) first to confirm they only read PR metadata.
3) Be cautious about providing or relying on host-stored gh auth: if you run with --action the script can comment or edit PRs using whatever gh credentials are available.
4) Prefer running the tool with a dedicated machine/service account or in a sandboxed environment, and request the maintainer to update the registry metadata to declare the gh dependency and clearly document expected auth behavior (explain why GH_TOKEN/GITHUB_TOKEN are unset).
Functional analysis
Type: OpenClaw Skill
Name: pr-triage
Version: 1.0.0
The OpenClaw AgentSkills bundle is classified as benign. Both the `SKILL.md` instructions and the `scripts/triage.py` code are clearly aligned with the stated purpose of triaging GitHub Pull Requests. A strong positive security indicator is the explicit instruction and implementation in `scripts/triage.py` to unset `GH_TOKEN` and `GITHUB_TOKEN` environment variables before executing `gh` commands, preventing accidental use of highly privileged tokens. The skill's boundaries are well-defined, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent.
Capability assessment
Purpose & Capability
The skill's name, description, SKILL.md, and script all aim to triage PRs via the GitHub CLI (gh). However, the registry metadata declares no required binaries or credentials even though the agent and included script clearly depend on the gh CLI and on GitHub authentication. This mismatch is unexpected and should be clarified.
Instruction Scope
Instructions and the script run gh CLI commands to list PRs and (optionally) comment/edit PRs. They also instruct ALWAYS to run gh commands with env -u GH_TOKEN -u GITHUB_TOKEN (and the script does the same). That pattern is unusual: it explicitly unsets common GitHub token env vars which may cause gh to fall back to other auth methods (e.g., interactive or stored gh auth) or to fail. The skill will perform write actions if invoked with an --action flag, which is allowed by the script; the SKILL.md says it won't comment without --action, but the ability to perform comments/edits is present and requires GitHub credentials that are not declared.
Install Mechanism
No install spec (instruction-only with an included script). Nothing is downloaded from arbitrary URLs and no third-party packages are installed by the skill itself. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, but both SKILL.md and the script manipulate GH_TOKEN and GITHUB_TOKEN by unsetting them before invoking gh. The skill implicitly requires the gh CLI and some form of GitHub authentication (either env token or gh's stored auth). Not declaring these makes the credential requirements and behaviors unclear. The unset pattern could cause the skill to use host-stored credentials unexpectedly when taking write actions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not attempt to persist credentials. Autonomous invocation is enabled but that's the platform default; combined with the ability to perform PR comments/edits this increases blast radius only if the user allows --action or the agent is invoked autonomously to perform actions.
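How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install pr-triage
- After installation, call the Skill by name or use /pr-triage to trigger it
- Provide the required input according to the Skill's parameter description to get structured output
Version history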
v1.0.0
- Initial release of pr-triage skill.
- Automatically analyzes open PRs to detect duplicates, assess PR quality, and generate prioritized triage reports.
- Supports duplicate detection via file overlap, keyword similarity, and issue references.
- Assigns objective quality grades to PRs and highlights those ready to merge or needing review.
- Provides markdown reports with summaries, duplicate groups, stale PRs, and merge recommendations.
- Offers command-line flags for repo targeting, PR recency, result filtering, and report output.
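Metadata
FAQ
What is Pr Triage?
Triage open PRs by detecting duplicates, assessing quality, and generating prioritized reports. Use when a repo has too many PRs to review manually, needs du... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 595 total downloads so far.
How do I install Pr Triage?
Run the command "/install pr-triage" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Pr Triage free?
Yes, Pr Triage is completely free (open source and free) and can be freely downloaded, installed, and used.
Which platforms does Pr Triage support?
Pr Triage runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed Pr Triage?
Developed and maintained by zerone0x (@zerone0x); the current version is v1.0.0.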