The OpenClaw GitHub skill is different from the GitHub integration guide. The integration guide covers building custom automation — webhooks, GraphQL queries, triage logic from scratch. This guide is about the skill: installing it, scoping permissions correctly, and getting the daily “open PRs needing review” digest running in under 30 minutes.
If you want automation that just works without building it yourself, this is the guide.
Installing the GitHub Skill
The GitHub skill is available in OpenClaw’s skill marketplace. Install it:
@openclaw install skill github
Or from the skills directory:
@openclaw skills search github
> Found: github-core v2.1.0 — Issues, PRs, code review digest
> Install? [y/n]
After installation, the skill needs credentials before it can do anything useful:
@openclaw setup github skill
This launches the guided setup flow.
GitHub App Setup: The Right Auth Method
The skill uses a GitHub App by default — not a Personal Access Token. This matters and is worth understanding before you proceed.
Why GitHub App, not PAT:
A PAT acts as you. Every comment, label, or status update OpenClaw makes shows up as your personal account. On active repos where colleagues see the activity feed, this creates noise. It also means if you rotate your PAT (which you should do periodically), the skill breaks until you update it.
A GitHub App has its own identity, its own rate limit allocation, and doesn’t expire. Actions appear as “[YourAppName] · GitHub App” — clearly identifiable as automation, not your personal activity.
Create your GitHub App:
The skill setup flow walks you through this, but manually:
- GitHub → Settings → Developer settings → GitHub Apps → New GitHub App
- App name: something like “OpenClaw-YourName”
- Homepage URL:
https://paioclaw.ai(or your own URL) - Webhook: Uncheck “Active” for now — you can enable later
- Permissions:
- Repository permissions:
- Contents: Read-only
- Issues: Read and write
- Pull requests: Read and write
- Commit statuses: Read-only
- Metadata: Read-only (mandatory)
- Account permissions: none needed for skill use
- Repository permissions:
- Where can this be installed: Only on this account
- Create the App
- Generate a private key → download the
.pemfile - Note the App ID (shown at the top of the App settings page)
Install the App on your repos:
GitHub App settings → Install App → Install on your personal account → Choose repos (specific repos or all).
@openclaw configure github skill
> App ID: [paste your App ID]
> Private key path: [path to .pem file]
> Installation ID: [found in: github.com/apps/your-app-name/installations]
Verify:
@openclaw check github skill
> ✅ Connected. App: OpenClaw-YourName
> Repos accessible: 12
> Rate limit: 5,000/hour (fresh)
Repo-Scoped Permissions
One of the advantages of GitHub Apps over PATs: you can scope access to specific repos rather than everything.
When you installed the App, you chose which repos it has access to. You can adjust this at any time:
- GitHub → Settings → Applications → Installed GitHub Apps → [Your App] → Configure
- Change repo access: All repositories vs. Only select repositories
Recommendation: Start with “Only select repositories” and add repos explicitly. This limits blast radius if your App credentials are ever compromised, and keeps the skill focused on repos you actually care about.
# OpenClaw GitHub skill config
github:
focus_repos:
- "yourorg/main-product"
- "yourorg/api-service"
- "yourname/personal-project"
ignore_repos:
- "yourorg/archived-*" # Glob patterns supported
The focus_repos list filters OpenClaw’s queries — it won’t surface issues or PRs from repos not on the list, even if the App has access to them.
The Daily “Open PRs Needing Review” Digest
This is the highest-value default automation the GitHub skill provides. If you review PRs regularly, this digest replaces the morning ritual of clicking through GitHub notifications to find what actually needs your attention.
Setup
@openclaw github digest setup
Prompts:
- What time do you want the digest?
9am - Which repos?
yourorg/main-product, yourorg/api-service - What counts as “needs review”? Options: assigned to you, requested reviewer, team member PRs, all open PRs
github:
digest:
schedule: "0 9 * * 1-5" # 9am weekdays
repos:
- "yourorg/main-product"
- "yourorg/api-service"
include:
review_requested: true # You've been explicitly requested
assigned: true # PR assigned to you
team_prs: true # PRs from your team (define team below)
authored_by_me: false # Your own PRs (usually skip)
team_members:
- "alice"
- "bob"
- "carlos"
Digest Output
? GitHub Digest — Tuesday May 19, 2026
NEEDS YOUR REVIEW (3)
? [URGENT] yourorg/api-service #847
Fix: null pointer in payment processor
Author: alice | Opened: 3 days ago | Size: S (47 lines)
Status: 1 approval needed, CI ✅
→ https://github.com/yourorg/api-service/pull/847
? yourorg/main-product #1203
Feature: Add OAuth 2.0 support
Author: bob | Opened: 1 day ago | Size: L (340 lines)
Status: 0 approvals, CI ✅
→ https://github.com/yourorg/main-product/pull/1203
? yourorg/main-product #1198
Chore: Update dependencies
Author: carlos | Opened: 5 days ago | Size: XS (12 lines)
Status: 1 approval needed (stale — no activity in 3 days)
→ https://github.com/yourorg/main-product/pull/1198
YOUR OPEN PRS (2)
⏳ yourorg/api-service #831 — Waiting on 2 reviewers (5 days)
⏳ yourorg/main-product #1187 — Changes requested by alice (2 days)
MERGED YESTERDAY (4)
• #1195, #1192, #1188, #1183
Nothing else needs attention today.
The urgency flags (?/?) are based on:
- Age of PR
- Whether it’s blocking a deployment
- Whether CI is failing
- Number of approvals still needed
Customizing Urgency Rules
github:
digest:
urgency_rules:
red_if:
- age_days: 3
approvals_needed: 1
- ci_failing: true
yellow_if:
- age_days: 1
approvals_needed: 0
size_labels:
xs: 10 # lines of code thresholds
s: 50
m: 200
l: 500
Issue Notifications
Beyond PRs, the skill can surface issues that need attention:
@openclaw what issues were opened in my repos today?
New Issues Today (4)
yourorg/main-product:
• #567: Bug: Login fails on Safari 17 — unlabeled, unassigned
• #568: Feature request: Dark mode support — labeled enhancement
yourorg/api-service:
• #234: Question: Rate limit documentation unclear — labeled question
• #235: Bug: Timeout on large payloads — labeled bug, assigned to you
1 issue assigned to you needs action.
Auto-Label New Issues
@openclaw when a new issue is opened in my repos, auto-label it based on content
The skill applies labels automatically:
bug— error, crash, broken, not workingenhancement— feature, add, support for, improvequestion— how to, what is, documentationsecurity— vulnerability, CVE, exposed, injection
github:
auto_label:
enabled: true
repos: ["yourorg/main-product"]
rules:
bug:
keywords: ["error", "crash", "broken", "fail", "not working"]
label: "bug"
enhancement:
keywords: ["feature", "add", "support", "improve", "enhance"]
label: "enhancement"
PR Summary on Open
When a PR is opened in your repos, the skill can post an auto-generated summary comment:
github:
pr_summary:
enabled: true
repos: ["yourorg/main-product"]
post_as_comment: true
disclaimer: true # Always adds "AI-generated" note
The comment clearly marks itself as AI-generated and focuses on:
- What changed (in plain English)
- Files affected
- Suggested review focus areas
It does not:
- Approve the PR
- Request changes
- Post blocking feedback
Advisory only — the PR author and reviewers remain in full control.
Checking CI Status
@openclaw check CI status for my open PRs
CI Status — Your Open PRs
✅ yourorg/api-service #831 — All checks passing
❌ yourorg/main-product #1187 — 1 failing check
Failed: unit-tests
Last run: 2 hours ago
→ https://github.com/yourorg/main-product/actions/runs/12345
Skill Commands Reference
# Digest
@openclaw github digest # Run digest now
@openclaw github digest setup # Configure digest schedule
# PRs
@openclaw github prs needing review # PRs waiting for you
@openclaw github prs I authored # Your open PRs
@openclaw github pr status [url or #num] # Status of a specific PR
# Issues
@openclaw github issues today # New issues today
@openclaw github issues assigned to me # Your assigned issues
@openclaw github issue #[num] in [repo] # Specific issue details
# Repos
@openclaw github repos # List accessible repos
@openclaw github ci status # CI for your open PRs
PaioClaw vs. Self-Hosted
The skill runs fully self-hosted. PaioClaw adds:
Webhook-based real-time alerts: Instead of a once-daily digest, get notified immediately when a PR is assigned to you or CI fails. Requires a public webhook endpoint — PaioClaw provides one, self-hosted requires a server.
Mobile digest: View and interact with the digest from PaioClaw’s mobile interface. Useful for approving straightforward PRs (like dependency updates) while away from your desk.
Cross-repo analytics: Track review turnaround time, PR cycle time, and team throughput across repos over time. These reports require storing historical data — PaioClaw maintains this automatically.
Plans start free, Smart at $15/mo, Genius at $25/mo.
Summary
Install the skill, create a GitHub App (not a PAT), scope it to the repos you care about, and set up the morning digest. That’s the core workflow and it takes under 30 minutes to configure.
The digest is the primary value driver — it replaces notification triage with a structured, prioritized list of what actually needs your attention. Everything else (auto-labeling, CI status, PR summaries) builds on top of the same credential setup and can be enabled incrementally.

