pr-risk-analyzer
Analyze GitHub pull requests for security risks and determine if a PR is safe to merge.
Install via ClawdBot CLI:
clawdbot install nerdvana-labs/pr-risk-analyzer
Grade: Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Finding: Sends data to undocumented external endpoint (potential exfiltration)
POST → https://pr-risk-analyzer.onrender.com/analyze-pr
Finding: Calls external URL not in known-safe list
https://pr-risk-analyzer.onrender.com/analyze-pr
AI Analysis
The skill sends repository data and potentially access tokens to an undocumented third-party endpoint (pr-risk-analyzer.onrender.com) not controlled by the user or a trusted provider, creating a data exfiltration risk. While the stated purpose is legitimate, the external API is not in a known-safe list and its security practices are unknown, posing a medium risk of credential exposure or data leakage.
Audited Apr 16, 2026 · audit v1.0
Generated Mar 21, 2026
Maintainers of open source repositories use this skill to automatically assess incoming pull requests for security risks like exposed API keys or secrets in code changes. It helps prevent accidental leaks before merging contributions from external developers, ensuring the project's security posture is maintained.
Companies integrate this skill into their CI/CD pipelines to automatically analyze pull requests for risks such as large-scale code modifications or changes to sensitive configuration files. It provides a risk score that can trigger manual reviews or block merges, enhancing deployment safety and compliance.
Freelance developers use this skill to self-audit their pull requests before submitting to clients, checking for issues like hardcoded credentials or risky file alterations. It serves as a quick pre-review tool to improve code quality and reduce client-side security concerns.
In academic settings like coding bootcamps or university courses, instructors employ this skill to evaluate student project pull requests for common security pitfalls. It automates part of the grading process by highlighting risks, allowing focused feedback on secure coding practices.
Offer a free tier for public repositories with limited scans per month, and charge subscription fees for private repositories, advanced features like custom risk rules, or higher scan limits. Revenue is generated through monthly or annual plans targeting small to medium-sized teams.
Sell annual licenses to large organizations for on-premises deployment or dedicated cloud instances, including features like SLA guarantees, custom integrations with internal tools, and priority support. Revenue comes from high-value contracts tailored to enterprise security needs.
Monetize the core analysis API by charging per API call or offering tiered usage packages, allowing other developers to embed the risk analysis into their own applications. Revenue is generated based on usage volume, appealing to integrators and platform builders.
💬 Integration Tip
Ensure the GitHub access token has minimal required permissions (e.g., repo scope for private repos) to enhance security, and test the API with sample PRs to verify response parsing before full deployment.
Scored Apr 19, 2026