SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

tag-duplicate-prs-issues

Use gitcrawl to search duplicate OpenClaw PRs/issues, group related work in prtags, and sync duplicate state to GitHub.

Overall
58
Trust
24
Utility
80
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Built-in Skills

Path: .agents/skills/tag-duplicate-prs-issues/SKILL.md

Review flags: filesystem/home-directory access, network access or external URLs, remote script piped to shell, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands
  • Network/API usage
  • Filesystem/home access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

remote_script_pipehigh

References a remote script piped into a shell. This is a strong review signal because downloaded code could run immediately.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -68 from 4 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 11.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 379781 stars.
  • Fork activity suggests reuse: 79500 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

  • curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh | bash -s -- --bin-dir "$HOME/.local/bin"
  • gh
  • gh api
  • gh issue view <candidate-issue> --json number,title,state,body,comments,closedAt
  • gh issue view <number> --json number,title,state,body,comments,closedAt
  • gh pr view <candidate-pr> --json number,title,state,mergedAt,files,body,comments,reviews
  • gh pr view <number> --json number,title,state,mergedAt,body,closingIssuesReferences,files,comments,reviews,statusCheckRollup
  • gh search
  • gh search issues --repo openclaw/openclaw --match comments --limit 50 -- "<error or maintainer phrase>"
  • gh search issues --repo openclaw/openclaw --match title,body --limit 50 -- "<key phrase>"
  • gh search prs --repo openclaw/openclaw --match title,body --limit 50 -- "<key phrase>"

URLs

  • https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/openclaw/openclaw@main
path
.agents/skills/tag-duplicate-prs-issues/SKILL.md
source blob SHA
c2706bfeef0c81b2648ec3d434ef9bc1155d2b30
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

remote_script_pipe

…tainer explicitly wants to test unreleased behavior. `prtags` CLI install path: ```bash curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh | bash -s -- --bin-dir "$HOME/.local/bin" ``` ### Authenticate prtags `prtags

filesystem_write_or_home_access

…g. It is not for reviewing the implementation quality of a PR. ## Required Setup Do not write duplicate groups or annotations until this setup is complete. Read-only discovery can sti…

network_access

…tainer explicitly wants to test unreleased behavior. `prtags` CLI install path: ```bash curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh…

shell_command

…il this setup is complete. Read-only discovery can still proceed with `gitcrawl` and live `gh`. ### Companion Skills Use `$gitcrawl` first for local candidate discovery. Use the `prt…

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources