yuhang

一个"制造技能的技能"。这个工具自动化了将任意 GitHub 仓库转换为标准化 Trae 技能的全过程，是扩展 AI Agent 能力的核心工具。

This tool is coherent with its stated goal (cloning and scaffolding GitHub repos) but has multiple risky behaviors you should consider before installing or running it: - Treat all cloned repositories as untrusted. Do not run their scripts or 'help' commands on your primary system; run verification in an isolated environment (container, VM) or inspect the code first. - The forge script automatically loads .env files from its directory, parent, and the current working directory. Before running, ensure there are no sensitive .env files in those locations; prefer running in a clean/empty working directory. - The script defaults to using third-party clone/API mirrors and a proxy. If you must use the tool, disable proxying or replace mirror lists with official hosts (api.github.com, github.com) to avoid leaking repo URLs/content to unknown domains. - Review generated SKILL.md and any wrapper scripts the tool creates before allowing the agent to invoke them autonomously. Consider setting min_stars or enabling safety checks to reduce risk of scaffolding obscure/low-quality repos. - If you require automated skill forging, run this tool in a sandboxed environment and audit the script (forge.py) entirely for any additional network calls or subprocess invocations not visible in the truncated snapshot. If you want, I can: (1) highlight exact lines in scripts/forge.py that implement .env loading and mirror defaults, (2) suggest safe configuration edits to disable proxying and .env loading, or (3) produce a checklist for safely vetting a cloned repository before adding it as a skill.

Type: OpenClaw Skill Name: yuhang Version: 1.0.0 The github-skill-forge bundle is a meta-tool designed to automate the conversion of arbitrary GitHub repositories into agent skills. While it serves a functional purpose, it exhibits several high-risk behaviors: it uses `subprocess.run` with `shell=True` to execute git commands, relies on multiple third-party mirrors (e.g., gitclone.com, ghproxy.net, kkgithub.com) for data retrieval, and provides instructions in `SKILL.md` that prompt the AI agent to execute unvetted code and install dependencies (e.g., `pip install`) from external sources. Although it includes a basic 'safety check' based on GitHub stars and attempts to protect the `GITHUB_TOKEN` by only sending it to official GitHub endpoints, the inherent design facilitates the execution of untrusted third-party code, creating a significant risk for remote code execution (RCE) and prompt injection.