Repo Onboarding Guide
by vx:17605205782 · GitHub · v1.0.0 · MIT-0
105 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install repo-onboarding-guide
Description
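Scans repository directories and documentation files to generate an onboarding path for new members, a recommended reading order, and pitfall warnings; use for repo, onboarding, developer-experience workflows; do not use for leaking private source code externally or executing build commands.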
Usage Guidance
This skill appears to do what it says (produce onboarding reports) and only needs python3, but there is a notable mismatch: docs claim it only inspects directory/file names while the script actually reads file contents (Markdown, code, CSV) and pattern-scans for secrets. Before installing or running:
1) review scripts/run.py yourself (it's bundled) and confirm you are comfortable with it reading repository files;
2) do not run it against repositories containing secrets or private data unless you are prepared to review/strip outputs first;
3) run in a sandbox or with --dry-run and inspect generated output before sharing externally;
4) if you require stricter guarantees (e.g., only filenames), request or implement a version that limits reads to file metadata only;
5) if you plan to allow autonomous invocation, be aware that an agent could run the script on any repository it has access to; restrict skill usage or add explicit checks to avoid accidental data leakage.
Capability Analysis
Type: OpenClaw Skill
Name: repo-onboarding-guide
Version: 1.0.0
The skill bundle is a repository analysis tool designed to generate onboarding guides by scanning local file structures and documentation. The core logic in `scripts/run.py` performs read-only operations, including a security-focused feature that uses regex to detect (but not execute) risky patterns like hardcoded secrets or 'curl|bash' commands in the target repository. The instructions in `SKILL.md` and `README.md` are well-defined, explicitly prohibiting data exfiltration and unauthorized command execution, and the code contains no network activity, obfuscation, or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description, required binary (python3), and included files align with a repo-audit/onboarding generator. However SKILL.md and README emphasize a safety boundary of 'by default, read only directories and file names', while scripts/run.py clearly reads file contents (Markdown, source files, CSVs) to build reports and pattern matches. This is an internal inconsistency between claimed safe scope and actual capability.
Instruction Scope
Runtime instructions permit executing the local script (python3 scripts/run.py ...) and instruct the agent to produce structured outputs. The SKILL.md warns not to leak private source and not to run builds, but it still permits running the script which will read full file contents and pattern-scan for secrets. There is no automated safeguard preventing the agent from including sensitive content in outputs — the skill relies on the operator to sanitize.
Install Mechanism
No external install step or downloads. The skill is instruction-only with an included Python script; nothing pulls code from remote URLs or executes installers. This is low-risk from supply-chain/install perspective.
Credentials
No environment variables or credentials are requested. The skill does read files from a supplied directory (including source files), which is necessary for the stated purpose, but this increases the chance of accidental exposure of secrets present in the repository.
Persistence & Privilege
always=false and no special privileges requested. The skill does not attempt to modify other skill configs or system-wide settings. It can be executed locally; autonomy (model invocation) is enabled by default but not unusual — note that autonomous execution combined with the ability to read repo files increases blast radius if misused.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install repo-onboarding-guide
- After installation, invoke the skill by name or use /repo-onboarding-guide
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of repo-onboarding-guide.
- Scans repository directories and documentation to generate onboarding guides for new members.
- Produces reading order recommendations, onboarding paths, and common pitfalls.
- Includes strict boundaries: does not leak private code, execute build commands, or perform external write actions.
- Structured outputs: repository overview, key folders, preparation steps, and documentation suggestions.
- Supports dry-run/audit mode and adds explicit boundaries for privacy, risk, and compliance.
Frequently Asked Questions
What is Repo Onboarding Guide?
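Scans repository directories and documentation files to generate an onboarding path for new members, a recommended reading order, and pitfall warnings; use for repo, onboarding, developer-experience workflows; do not use for leaking private source code externally or executing build commands. It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.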
How do I install Repo Onboarding Guide?
Run "/install repo-onboarding-guide" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Repo Onboarding Guide free?
Yes, Repo Onboarding Guide is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Repo Onboarding Guide support?
Repo Onboarding Guide is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).
Who created Repo Onboarding Guide?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.