mrummler17

RepoMedic

by Marcus Rummler · GitHub ↗ · v1.0.6
cross-platform ✓ Security Clean
Downloads: 1585
Stars: 1
Active Installs: 5
Versions: 7
Install in OpenClaw
/install repomedic
Description
Safely triage and remediate GitHub dependency hygiene issues with explicit guardrails. Use when Dependabot PRs fail, pnpm lockfiles break, transitive vulnerabilities appear (e.g., glob/lodash/brace-expansion), or CI/Vercel fails due to dependency resolution. Prioritize low-risk fixes, branch+PR workflow, and plain-English explanations.
Usage Guidance
This skill appears to do what it says: triage and apply low-risk dependency fixes using a branch+PR workflow. Before installing, confirm the agent/platform will: (1) grant only the repository-scoped read/write access you intend (branch-only write), (2) provide access to CI/Vercel logs if needed, and (3) have pnpm/npm/yarn available to run installs. Ask how credentials are supplied (platform token vs. environment variables) and require human approval for medium/high risk actions. Note the small inconsistency: the skill expects package-manager commands but the registry metadata lists no required binaries — verify availability of those tools in your environment. Prefer running the skill in a forked repo or protected branch so changes are visible as a PR before merging.
Capability Analysis
Type: OpenClaw Skill
Name: repomedic
Version: 1.0.6
The OpenClaw AgentSkills bundle 'repomedic' is classified as benign. The `SKILL.md` file, which contains instructions for the AI agent, explicitly defines strong safety guardrails, a least-privilege policy, and non-negotiable 'must NOT' actions. These include never pushing directly to main/master, requiring a branch+PR workflow, limiting local workspace access to the target repository, and preventing external actions or modification of files outside the target repo. While the skill requires capabilities like file modification and command execution (e.g., `pnpm`/`npm`/`yarn`), these are essential for its stated purpose of dependency remediation and are heavily mitigated by the explicit safety instructions, approval gates, and risk labeling, demonstrating a clear intent to operate safely and prevent malicious behavior.
Capability Assessment
Purpose & Capability
Name/description (safe, conservative dependency remediation) aligns with the instructions and requested access (read repo, write to non-default branch, run package manager commands). One minor mismatch: the metadata declares no required binaries, but the runtime instructions explicitly rely on package manager commands (pnpm/npm/yarn). This is a small documentation inconsistency, not a security mismatch.
Instruction Scope
SKILL.md stays within scope: triage Dependabot, lockfile fixes, targeted pnpm.overrides, branch+PR workflow, and validation steps. It does not instruct the agent to read unrelated system files or exfiltrate data. Note: practical operation will require access to repo contents, CI/Vercel failure logs, and network access to package registries — those are expected for the stated tasks and are called out in the doc.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal disk/write footprint. No external downloads or package installs defined by the skill itself.
Credentials
No environment variables or credentials are declared in the metadata (appropriate). The SKILL.md does state it needs read access to the target repo and write access to non-default branches and that it will run package manager commands; these are proportional to purpose. Verify how the platform supplies repo credentials (platform-provided tokens vs. user-provided env vars).
Persistence & Privilege
always:false and user-invocable — the skill does not request permanent or elevated presence. It explicitly forbids pushing to main/master and modifying files outside the target repository, which limits privilege scope.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install repomedic
  3. After installation, invoke the skill by name or use /repomedic
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
- Expanded safety guardrails to prohibit direct pushes to both `main` and `master` branches.
- Refined the approval gate to explicitly require displaying planned file/version changes and always request approval for non-trivial edits.
- Added a new "Required Permissions & Least-Privilege Policy" section outlining strict access and permission boundaries.
- Strengthened prohibitions against modifying files outside the target repository and performing external actions without explicit request.
- Clarified steps for handling missing permissions, emphasizing minimum access and transparent permission requests.
v1.0.5
- Updated SKILL.md with stronger safety guardrails and a clearer dependency-remediation workflow.
- Clarified mission, risk labels, and preferred low-risk remediation patterns.
- Added explicit output contract for consistent, plain-English responses.
- Added clearer “when to use / when not to use” criteria.
- Documentation update only (no code or runtime behavior changes).
v1.0.4
- Added a new "Access & Requirements" section describing RepoMedic's dependency on OpenClaw agent for credentials and permissions.
- Clarified behavior when lacking permissions: RepoMedic now explains access issues and requests only the minimum required permissions.
- No code or functional changes; documentation update only.
v1.0.3
- Removed the lobster emoji 🦞 from the title in SKILL.md for a more streamlined presentation.
- No functional or behavioral changes to the skill; documentation only.
v1.0.2
- Updated skill description for brevity and clarity in the introduction.
- No changes to functionality or usage; documentation wording improved for accessibility.
v1.0.1
- Updated SKILL.md introduction for improved clarity and emphasis on RepoMedic's core maintenance tasks.
- Added a concise opening summary describing what RepoMedic does and its focus areas.
- No functional or behavioral changes; documentation only.
v1.0.0
Initial release of RepoMedic skill.
- Automatically reviews GitHub repositories for dependency issues, broken Dependabot PRs, and security alerts
- Repairs lockfiles, patches transitive dependency vulnerabilities, and applies safe overrides as needed
- Refuses risky upgrades; provides clear explanations and safe next steps when updates would break builds
- Focuses on minimal, targeted pull requests with concise summaries
- No major upgrades or unnecessary changes without user approval
Metadata
Slug repomedic
Version 1.0.6
License
All-time Installs 6
Active Installs 5
Total Versions 7
Frequently Asked Questions

What is RepoMedic?

Safely triage and remediate GitHub dependency hygiene issues with explicit guardrails. Use when Dependabot PRs fail, pnpm lockfiles break, transitive vulnerabilities appear (e.g., glob/lodash/brace-expansion), or CI/Vercel fails due to dependency resolution. Prioritize low-risk fixes, branch+PR workflow, and plain-English explanations. It is an AI Agent Skill for Claude Code / OpenClaw, with 1585 downloads so far.

How do I install RepoMedic?

Run "/install repomedic" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is RepoMedic free?

Yes, RepoMedic is completely free (open-source). You can download, install and use it at no cost.

Which platforms does RepoMedic support?

RepoMedic is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created RepoMedic?

It is built and maintained by Marcus Rummler (@mrummler17); the current version is v1.0.6.
