Get Started →

    On this page

    How to Set Up the OpenClaw GitHub Skill

    The OpenClaw GitHub skill is different from the GitHub integration guide. The integration guide covers building custom automation — webhooks, GraphQL queries, triage logic from scratch. This guide is about the skill: installing it, scoping permissions correctly, and getting the daily “open PRs needing review” digest running in under 30 minutes.

    If you want automation that just works without building it yourself, this is the guide.

    Installing the GitHub Skill

    The GitHub skill is available in OpenClaw’s skill marketplace. Install it:

    @openclaw install skill github
    

    Or from the skills directory:

    @openclaw skills search github
    > Found: github-core v2.1.0 — Issues, PRs, code review digest
    > Install? [y/n]
    

    After installation, the skill needs credentials before it can do anything useful:

    @openclaw setup github skill
    

    This launches the guided setup flow.

    GitHub App Setup: The Right Auth Method

    The skill uses a GitHub App by default — not a Personal Access Token. This matters and is worth understanding before you proceed.

    Why GitHub App, not PAT:

    A PAT acts as you. Every comment, label, or status update OpenClaw makes shows up as your personal account. On active repos where colleagues see the activity feed, this creates noise. It also means if you rotate your PAT (which you should do periodically), the skill breaks until you update it.

    A GitHub App has its own identity, its own rate limit allocation, and doesn’t expire. Actions appear as “[YourAppName] · GitHub App” — clearly identifiable as automation, not your personal activity.

    Create your GitHub App:

    The skill setup flow walks you through this, but manually:

    1. GitHub → Settings → Developer settings → GitHub Apps → New GitHub App
    2. App name: something like “OpenClaw-YourName”
    3. Homepage URL: https://paioclaw.ai (or your own URL)
    4. Webhook: Uncheck “Active” for now — you can enable later
    5. Permissions:
      • Repository permissions:
        • Contents: Read-only
        • Issues: Read and write
        • Pull requests: Read and write
        • Commit statuses: Read-only
        • Metadata: Read-only (mandatory)
      • Account permissions: none needed for skill use
    6. Where can this be installed: Only on this account
    7. Create the App
    8. Generate a private key → download the .pem file
    9. Note the App ID (shown at the top of the App settings page)

    Install the App on your repos:

    GitHub App settings → Install App → Install on your personal account → Choose repos (specific repos or all).

    @openclaw configure github skill
    > App ID: [paste your App ID]
    > Private key path: [path to .pem file]
    > Installation ID: [found in: github.com/apps/your-app-name/installations]
    

    Verify:

    @openclaw check github skill
    > ✅ Connected. App: OpenClaw-YourName
    > Repos accessible: 12
    > Rate limit: 5,000/hour (fresh)
    

    Repo-Scoped Permissions

    One of the advantages of GitHub Apps over PATs: you can scope access to specific repos rather than everything.

    When you installed the App, you chose which repos it has access to. You can adjust this at any time:

    • GitHub → Settings → Applications → Installed GitHub Apps → [Your App] → Configure
    • Change repo access: All repositories vs. Only select repositories

    Recommendation: Start with “Only select repositories” and add repos explicitly. This limits blast radius if your App credentials are ever compromised, and keeps the skill focused on repos you actually care about.

    # OpenClaw GitHub skill config
    github:
      focus_repos:
        - "yourorg/main-product"
        - "yourorg/api-service"
        - "yourname/personal-project"
      ignore_repos:
        - "yourorg/archived-*"  # Glob patterns supported
    

    The focus_repos list filters OpenClaw’s queries — it won’t surface issues or PRs from repos not on the list, even if the App has access to them.

    The Daily “Open PRs Needing Review” Digest

    This is the highest-value default automation the GitHub skill provides. If you review PRs regularly, this digest replaces the morning ritual of clicking through GitHub notifications to find what actually needs your attention.

    Setup

    @openclaw github digest setup
    

    Prompts:

    • What time do you want the digest? 9am
    • Which repos? yourorg/main-product, yourorg/api-service
    • What counts as “needs review”? Options: assigned to you, requested reviewer, team member PRs, all open PRs
    github:
      digest:
        schedule: "0 9 * * 1-5"  # 9am weekdays
        repos:
          - "yourorg/main-product"
          - "yourorg/api-service"
        include:
          review_requested: true     # You've been explicitly requested
          assigned: true             # PR assigned to you
          team_prs: true             # PRs from your team (define team below)
          authored_by_me: false      # Your own PRs (usually skip)
        team_members:
          - "alice"
          - "bob"
          - "carlos"
    

    Digest Output

    ? GitHub Digest — Tuesday May 19, 2026
    
    NEEDS YOUR REVIEW (3)
    
    ? [URGENT] yourorg/api-service #847
       Fix: null pointer in payment processor
       Author: alice | Opened: 3 days ago | Size: S (47 lines)
       Status: 1 approval needed, CI ✅
       → https://github.com/yourorg/api-service/pull/847
    
    ? yourorg/main-product #1203
       Feature: Add OAuth 2.0 support
       Author: bob | Opened: 1 day ago | Size: L (340 lines)
       Status: 0 approvals, CI ✅
       → https://github.com/yourorg/main-product/pull/1203
    
    ? yourorg/main-product #1198
       Chore: Update dependencies
       Author: carlos | Opened: 5 days ago | Size: XS (12 lines)
       Status: 1 approval needed (stale — no activity in 3 days)
       → https://github.com/yourorg/main-product/pull/1198
    
    YOUR OPEN PRS (2)
    
    ⏳ yourorg/api-service #831 — Waiting on 2 reviewers (5 days)
    ⏳ yourorg/main-product #1187 — Changes requested by alice (2 days)
    
    MERGED YESTERDAY (4)
    • #1195, #1192, #1188, #1183
    
    Nothing else needs attention today.
    

    The urgency flags (?/?) are based on:

    • Age of PR
    • Whether it’s blocking a deployment
    • Whether CI is failing
    • Number of approvals still needed

    Customizing Urgency Rules

    github:
      digest:
        urgency_rules:
          red_if:
            - age_days: 3
              approvals_needed: 1
            - ci_failing: true
          yellow_if:
            - age_days: 1
              approvals_needed: 0
          size_labels:
            xs: 10    # lines of code thresholds
            s: 50
            m: 200
            l: 500
    

    Issue Notifications

    Beyond PRs, the skill can surface issues that need attention:

    @openclaw what issues were opened in my repos today?
    
    New Issues Today (4)
    
    yourorg/main-product:
    • #567: Bug: Login fails on Safari 17 — unlabeled, unassigned
    • #568: Feature request: Dark mode support — labeled enhancement
    
    yourorg/api-service:
    • #234: Question: Rate limit documentation unclear — labeled question
    • #235: Bug: Timeout on large payloads — labeled bug, assigned to you
    
    1 issue assigned to you needs action.
    

    Auto-Label New Issues

    @openclaw when a new issue is opened in my repos, auto-label it based on content
    

    The skill applies labels automatically:

    • bug — error, crash, broken, not working
    • enhancement — feature, add, support for, improve
    • question — how to, what is, documentation
    • security — vulnerability, CVE, exposed, injection
    github:
      auto_label:
        enabled: true
        repos: ["yourorg/main-product"]
        rules:
          bug:
            keywords: ["error", "crash", "broken", "fail", "not working"]
            label: "bug"
          enhancement:
            keywords: ["feature", "add", "support", "improve", "enhance"]
            label: "enhancement"
    

    PR Summary on Open

    When a PR is opened in your repos, the skill can post an auto-generated summary comment:

    github:
      pr_summary:
        enabled: true
        repos: ["yourorg/main-product"]
        post_as_comment: true
        disclaimer: true  # Always adds "AI-generated" note
    

    The comment clearly marks itself as AI-generated and focuses on:

    • What changed (in plain English)
    • Files affected
    • Suggested review focus areas

    It does not:

    • Approve the PR
    • Request changes
    • Post blocking feedback

    Advisory only — the PR author and reviewers remain in full control.

    Checking CI Status

    @openclaw check CI status for my open PRs
    
    CI Status — Your Open PRs
    
    ✅ yourorg/api-service #831 — All checks passing
    ❌ yourorg/main-product #1187 — 1 failing check
       Failed: unit-tests
       Last run: 2 hours ago
       → https://github.com/yourorg/main-product/actions/runs/12345
    

    Skill Commands Reference

    # Digest
    @openclaw github digest             # Run digest now
    @openclaw github digest setup       # Configure digest schedule
    
    # PRs
    @openclaw github prs needing review        # PRs waiting for you
    @openclaw github prs I authored            # Your open PRs
    @openclaw github pr status [url or #num]   # Status of a specific PR
    
    # Issues
    @openclaw github issues today              # New issues today
    @openclaw github issues assigned to me     # Your assigned issues
    @openclaw github issue #[num] in [repo]    # Specific issue details
    
    # Repos
    @openclaw github repos                     # List accessible repos
    @openclaw github ci status                 # CI for your open PRs
    

    PaioClaw vs. Self-Hosted

    The skill runs fully self-hosted. PaioClaw adds:

    Webhook-based real-time alerts: Instead of a once-daily digest, get notified immediately when a PR is assigned to you or CI fails. Requires a public webhook endpoint — PaioClaw provides one, self-hosted requires a server.

    Mobile digest: View and interact with the digest from PaioClaw’s mobile interface. Useful for approving straightforward PRs (like dependency updates) while away from your desk.

    Cross-repo analytics: Track review turnaround time, PR cycle time, and team throughput across repos over time. These reports require storing historical data — PaioClaw maintains this automatically.

    Plans start free, Smart at $15/mo, Genius at $25/mo.

    Summary

    Install the skill, create a GitHub App (not a PAT), scope it to the repos you care about, and set up the morning digest. That’s the core workflow and it takes under 30 minutes to configure.

    The digest is the primary value driver — it replaces notification triage with a structured, prioritized list of what actually needs your attention. Everything else (auto-labeling, CI status, PR summaries) builds on top of the same credential setup and can be enabled incrementally.

    Join Our Community

    Connect with other PaioClaw users, share tips, and stay up to date.