Remote OpenClaw

Remote OpenClaw Blog

GitHub MCP Skill: Automated Code Reviews, Issues, and PR Summaries

4 min read ·

Code review bottlenecks, unorganized issue backlogs, and missed security advisories are problems every development team faces. The GitHub MCP skill on OpenClaw Bazaar connects your OpenClaw agent directly to the GitHub API, enabling automated code reviews, issue management, repository monitoring, and release note generation.

What the GitHub Skill Automates

Once installed, the GitHub MCP skill gives your agent these capabilities:

  • Automated PR code reviews -- every new pull request receives an AI analysis of the diff with suggestions, potential bugs, and style feedback
  • Issue triage and management -- create, label, assign, and close issues through natural conversation
  • Commit digests -- daily summaries of commits across all connected repositories delivered to your messaging channel
  • Repository monitoring -- real-time alerts for new PRs, issues, releases, and Dependabot security advisories
  • Code search -- "Find all files that reference the payment API" searches across your repositories
  • Release note generation -- auto-generate changelog entries from merged PRs between two tags

Authentication: Personal Access Token vs. GitHub App

The GitHub skill supports two authentication methods. Choose based on your team size and security requirements.

Personal Access Token (individual developers)

Go to GitHub -> Settings -> Developer settings -> Personal access tokens -> Fine-grained tokens. Create a new token scoped to your target repositories with these permissions: Contents (read), Issues (read/write), Pull requests (read/write), Metadata (read).

mcp_servers:
  github:
    auth_method: "pat"
    token: "github_pat_your_token_here"
    repos:
      - "owner/repo-name"
      - "owner/other-repo"
    webhook_secret: "your-webhook-secret"

GitHub App (teams and organizations)

GitHub Apps offer better permission granularity, higher rate limits (15,000 requests/hour vs. 5,000), and organization-level management. Create one at GitHub -> Settings -> Developer settings -> GitHub Apps.

Set the webhook URL to your OpenClaw endpoint. Configure permissions for repository contents (read), issues (read/write), and pull requests (read/write). Subscribe to Pull request, Issues, and Push events.

Install the app on your organization, selecting which repositories it can access.

mcp_servers:
  github:
    auth_method: "app"
    app_id: "12345"
    private_key_path: "/path/to/private-key.pem"
    installation_id: "67890"
    webhook_secret: "your-webhook-secret"

Installing From the Bazaar

Search for "GitHub" in the OpenClaw Bazaar skills directory. Multiple community-maintained GitHub skills are available -- compare ratings, feature sets, and reviews to find the best fit. Install your chosen skill and apply the configuration above.

Test with: "Show me the open PRs in owner/repo-name." The agent should list current pull requests with their status, author, and review state.

Developer Workflow Examples

Morning dev briefing. Every morning at 8 AM, the agent compiles a summary: new PRs awaiting review, recently merged PRs, open issues assigned to you, and any Dependabot alerts. Delivered straight to your Slack or Discord channel via the corresponding MCP skills.

Marketplace

Free skills and AI personas for OpenClaw — browse the marketplace.

Browse the Marketplace →

Automated PR review pipeline. When a webhook fires for a new pull request, the agent fetches the diff, analyzes it for common issues (security vulnerabilities, missing error handling, untested code paths), and posts a structured review comment. Developers still make the final merge decision, but the first-pass review happens automatically within minutes.

Issue triage by keyword. New issues are automatically labeled based on content analysis. Bug reports get the bug label, feature requests get enhancement, and anything mentioning "crash" or "error" gets priority:high. Assignment rules route issues to the relevant team member.

Release management. "Create a release with notes from the last 15 merged PRs" generates a formatted changelog grouped by category (features, fixes, maintenance) and creates the GitHub release.

Documentation drift detection. The agent flags PRs that change code in /src without corresponding updates in /docs. A comment reminds the author to update documentation before merge.

Security monitoring. When Dependabot opens a vulnerability alert, the agent summarizes the severity, affected dependencies, and recommended fix, then posts to your security channel.

Troubleshooting Common Issues

401 Bad credentials. Your token may be expired or lack required permissions. For fine-grained tokens, verify that each repository is explicitly included in the token's access list. Regenerate if needed.

Webhooks not arriving. Confirm your server URL is publicly reachable over HTTPS. Check that the webhook secret matches between GitHub and your config. Review the webhook delivery log at Repository Settings -> Webhooks for error details.

Rate limiting (403 responses). Authenticated users get 5,000 requests per hour; GitHub Apps get 15,000. If you are polling frequently, switch to webhook-driven events. The skill supports both modes.

PR review comments fail to post. The token needs Pull request write permissions. For GitHub Apps, the "Pull requests" permission must be set to Read & Write, not just Read.

Private repositories not accessible. Fine-grained tokens must explicitly list each private repository. Check the token's repository access settings and add any missing repos.

The GitHub skill works with both GitHub.com and GitHub Enterprise Server. For Enterprise, set the api_url in your config to your server's API endpoint (e.g., https://github.yourcompany.com/api/v3). Browse the skills directory for related developer tools including CI/CD, testing, and deployment skills.

Browse the Skills Directory

Find the right skill for your workflow. The OpenClaw Bazaar skills directory has over 2,300 community-rated skills -- searchable, sortable, and free to install.

Browse Skills ->

Personas Include MCP Servers

OpenClaw personas come with pre-configured MCP server connections -- no manual setup needed. Pick a persona and the right servers are already wired in. Compare personas ->

Want to explore more?

SkillsFree and premium skills that add capabilities to any OpenClaw persona.Full MarketplaceAll personas, skills, and bundles in one place.More Guides200+ free OpenClaw guides, tutorials, and comparisons.