Skill details (on-site mirror, no comments)
Author: Corbin Breton @corbin-breton
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.1
Stats: ⭐ 0 · 21 · 1 current installs · 1 all-time installs
🛡 VirusTotal: Suspicious · OpenClaw: Suspicious
Package: bloodandeath/repo-guardian
Security scan (ClawHub)
- VirusTotal: Suspicious
- OpenClaw: Suspicious
OpenClaw assessment
The skill largely does what it says (automated dual-model PR review and triage) but contains multiple inconsistencies and privacy/credential assumptions you should verify before installing.
Purpose
The SKILL.md and script implement a GitHub PR reviewer that needs GH_TOKEN, the gh CLI, curl, python3, and the OpenClaw agent CLI; however the registry metadata declares no required env vars or required binaries — that is inconsistent. Requiring a GitHub token and the ability to call OpenClaw agents is reasonable for this purpose, but those requirements should be declared in metadata. Also the skill references specific agent names (openforge-c…
Instruction scope
The runtime instructions and the script send full PR diffs and file lists to configured agents (Opus/GPT/fallbacks) via the openclaw agent CLI. That is expected for a code review tool, but it means repository code (including any secrets accidentally committed) is transmitted to whichever model providers your OpenClaw agents connect to. The SKILL.md asserts tokens are never transmitted; the script does not include GH_TOKEN in the model prompt, …
Install mechanism
There is no install spec — the skill is delivered as instructions plus a bash script. That minimizes install-time risk, but it relies on system tooling (curl, gh, python3, openclaw).
Credentials
The SKILL.md requires GH_TOKEN and optional GUARDIAN_* env vars, but the registry metadata lists no required env vars. The script will also attempt to obtain a token via 'gh auth token' if GH_TOKEN is not set. Because the script can auto-merge PRs, GH_TOKEN must have repo write/merge scope; ensure the token's scopes are minimal (e.g., restrict to the target repo) and that auto-merge remains disabled unless you explicitly opt in. The skill does…
Persistence
The skill is not always-enabled and doesn't modify other skills or system-wide configs. It suggests adding a cron job to OpenClaw's cron; that is normal for scheduled automation. It does not attempt to persist credentials or change other skills' settings in the provided files.
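Install (copy to Lobster AI)
Copy the entire block below into a Lobster Chinese Library (龙虾中文库) conversation, and Lobster will complete the installation following SKILL.md.
Please hand this block to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Repo Guardian" on this machine. Summary: Automated GitHub PR review governance and repository maintenance automation. Us…
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/bloodandeath/repo-guardian/SKILL.md
(Source: yingzhi8.cn skill library)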