Security Scan
OpenClaw
Safe
High confidence: The skill's requested tools, environment access, and runtime instructions are consistent with drafting and optionally submitting GitHub issues; nothing requested appears unrelated to that purpose.
Assessment and recommendations
This skill appears to do what it says: draft and optionally submit GitHub issues. Before installing: 1) Only provide a GH_TOKEN with the minimum scope needed (e.g., public_repo or repo scope as appropriate) and avoid granting broader org-level privileges. 2) Be aware the agent may submit issues autonomously if allowed; remove or withhold GH_TOKEN if you want to prevent automatic submissions. 3) The skill may run git commands in the current working directory to detect the repo; avoid running it in directories containing sensitive r...
✓ Purpose and capabilities
The name/description (draft and optionally submit GitHub issues) matches the declared requirements: gh, git, curl and a GH_TOKEN for API fallback. Those binaries and the GH_TOKEN credential are exactly what you'd expect for detecting a repo, creating drafts, and submitting issues.
✓ Instruction scope
SKILL.md focuses on collecting issue details, generating a formatted issue body, and optionally submitting via the gh command-line tool or GitHub API. The only system interaction beyond text composition is checking the git remote (git remote get-url origin) to infer the repo, which is consistent with the stated behavior. There are no instructions to read unrelated files or exfiltrate data to third-party endpoints.
✓ Install mechanism
This is an instruction-only skill with no install spec or downloaded code, which minimizes on-disk risk. It relies on tools already present on the system (gh/git/curl) rather than installing additional packages.
✓ Credential requirements
Only GH_TOKEN is identified as the primary credential and is used only for the documented submission fallback via the GitHub API. No unrelated secrets or environment variables are required. The SKILL.md explicitly notes drafting works without credentials and submission requires authentication, which is proportionate.
ℹ Persistence and privileges
The skill is not always enabled (always:false). However, it can be invoked autonomously (platform default). If a GH_TOKEN with issue-creation permission is provided and the agent is allowed to invoke skills autonomously, the agent can submit issues without further user confirmation. This is expected behavior, but worth keeping in mind.
Security is layered; review the code before running it.
Runtime dependencies
🖥️ OS: Linux · macOS · Windows
Install command
Official: npx clawhub@latest install gh-issue-writer
Mirror: npx clawhub@latest install gh-issue-writer --registry https://cn.longxiaskill.com
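Skill documentation
gh-issue-writer drafts clear, actionable GitHub issues from a short description, an error message, or an idea. It supports bug reports, feature requests, enhancements, and tasks.
Step 1: Understand the input
Ask (or infer from context):
- Type? Bug | Feature Request | Enhancement | Task | Question
- Repository? (If inside a git directory, detect it with git remote get-url origin; otherwise ask.)
- What happened / what is wanted? (Raw description, error message, or idea)
- Optional: labels, assignee, milestone, environment information
If the user has already provided enough context, draft the issue directly and present it for confirmation.
Step 2: Draft the issue
Use the matching template and fill in every field; omit a field only when it truly does not apply.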
Bug Report
Description
Steps to Reproduce
Expected Behavior
Actual Behavior
Environment
- OS:
- Browser / Runtime / Version:
- Relevant config or dependencies:
Logs / Screenshots
Additional Context
Feature Request
Problem / Motivation
Proposed Solution
Alternatives Considered
Acceptance Criteria
- [ ]
- [ ]
Additional Context
Enhancement (improvement to existing behavior)
Current Behavior
Desired Behavior
Why This Matters
Suggested Implementation
Task / Chore
What needs to be done
Why / Context
Definition of Done
- [ ]
- [ ]
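Step 3: Write a strong title
Format by type:
- Bug: <failure point> on <location>
- Feature: <capability> for <target/location>
- Enhance: <what> — <improvement>
- Task: <verb> <thing>
Step 4: Suggest labels and metadata
Recommend based on type and content: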
- Bug → bug, needs-repro
- Feature → enhancement, feature-request
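- High impact / blocking → priority:high
- Missing information → needs-info
- Beginner-friendly → good first issue
- Security / performance / documentation → security / performance / documentation
Step 5: Present for review
Title: <title>
Type: Bug / Feature / Enhancement / Task
Suggested labels: bug, priority:high
Suggested assignee: <if known>
---
<full body>
---
Ask: "Does this look right? You can change the title, add details, or submit directly."
Step 6 (optional): Submit
Prerequisites (needed only for submission):
- gh CLI (already authenticated with gh auth login): preferred
- GH_TOKEN environment variable: curl fallback
- git: repository detection
If the user says "submit" or similar:
GitHub CLI (preferred)
gh issue create \
  --repo owner/repo \
  --title "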