git-mender — Automatically fix GitHub issues end-to-end: reads the issue, analyzes repository code, implements a fix, and submits a pull request. Use when th...
Security Analysis
high confidence
The skill's requirements and instructions are coherent with its stated purpose (automating GitHub issue fixes); it does not request unrelated credentials or install arbitrary remote code, but it will clone repositories and may run repository tests/scripts which can execute untrusted code — review and run in a safe environment.
The skill claims to read GitHub issues, analyze a repo, implement fixes, and open PRs. All requested resources and steps (git/gh usage, cloning, local repo access, and PR creation) align with that purpose. It does not ask for unrelated environment variables or secrets.
The runtime instructions direct the agent to clone repositories, run searches, edit code, run the project's tests/linters, commit, and (with approval) push and create PRs. These actions are expected for this purpose but carry operational risk: running tests or other repo-provided scripts can execute arbitrary code from the target repository. The SKILL.md does require explicit user approval before submitting a PR, which mitigates but does not eliminate risk.
There is no remote download/install step; the provided scripts/install.sh only copies SKILL.md into ~/.qoder/skills/git-mender. Installer uses standard, traceable operations and does not fetch arbitrary archives from unknown hosts.
The skill requests no environment variables or secrets. It relies on the user's existing git/gh tooling and authentication, which is proportional to performing GitHub clones/pushes. No unrelated credentials or config paths are requested.
always is false and the skill does not request permanent elevated privileges. The installer writes only to a user-scope path (~/.qoder/skills/git-mender/) and does not modify other skills or system-wide settings.
Guidance
This skill appears to do what it says: it will read issues, clone repos, edit code, run tests, and create PRs using your git/gh credentials. Before installing or invoking it:
1) ensure your gh/git are configured and you understand which GitHub account will be used;
2) do not run it against sensitive/private repos unless you trust the agent and environment;
3) review diffs and only approve PR submission when you are satisfied;
4) be aware that running a project's tests or scripts can execute arbitrary code from that repository — consider running in a sandbox or disposable environment if you are unsure.
Latest Release
v1.1.0
git-mender 1.1.0 Changelog
- Added a detailed, step-by-step workflow covering all phases from parsing GitHub issue URLs to submitting pull requests.
- Introduced a checklist-based progress tracker to manage agent tasks.
- Improved repository detection and cloning logic, including fallback steps if tools are missing.
- Expanded analysis and implementation instructions to ensure thorough root cause analysis before making code changes.
- Enhanced verification phase with automated project type detection and test/lint command guidance.
- Added user confirmation and detailed change presentation before submitting pull requests.
Published by @4ydx3906 on ClawHub