← Back to Skills Marketplace
Peter Commit Ops
by
chinasilva
· GitHub ↗
· v1.1.0
407
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install peter-commit-ops
Description
提交与建 PR 桥接自动化。负责将“可提交”改动落成 commit、推送分支并创建 PR,衔接 peter-code-review 与 peter-pr-ops。用于用户提到“帮我提交”“推分支”“创建 PR”“从 review 到 merge 串起来”等场景。
Usage Guidance
This skill appears to do what it says (turn staged changes into commits, push branches, and create PRs), but the metadata omits important runtime expectations. Before installing or enabling it: 1) Confirm the agent environment has git, and (if you want full automation) the GitHub CLI (gh) and any necessary npm tooling. 2) Be aware the skill will use whatever git/GitHub credentials are available — ensure those credentials have appropriately limited scope (e.g., a deploy key or a token without admin rights) or require manual approval before push/PR. 3) Require an explicit confirmation step (or dry-run mode) before any automatic git add/commit/push to avoid unintended repository changes. 4) Prefer the skill to document required binaries and credential requirements in metadata (declare git, gh, npm and note that GH auth is needed). If you cannot trust the environment’s credentials or want stricter control, do not give the agent permission to run this skill autonomously and instead invoke it manually when you can supervise the actions.
Capability Analysis
Type: OpenClaw Skill
Name: peter-commit-ops
Version: 1.1.0
The skill instructs the agent to execute `npm run workflow:check` or shell scripts (`tools/workflow-check.sh`, `scripts/workflow-check`) from the user's repository (SKILL.md). This introduces a potential Remote Code Execution (RCE) vulnerability if the repository's scripts are malicious, as the skill itself does not define or validate their content. While the use of `gh pr create --fill` (SKILL.md) involves network interaction and potential data exposure, it aligns with the stated purpose. The skill also includes '护栏' (guardrails) to prevent common dangerous actions like direct pushes to `main`/`master`, indicating an intent for safe operation within its defined scope, but the reliance on untrusted repository scripts makes it suspicious.
Capability Assessment
Purpose & Capability
The SKILL.md focuses on checking the working tree, creating commits, pushing branches, and creating/updating PRs — this matches the skill name and description. However, the package metadata declares no required binaries or credentials even though the instructions call for git, npm (optional workflow checks), and the GitHub CLI (gh). The lack of declared runtime dependencies is an inconsistency (likely sloppy/omission rather than malicious) but worth flagging.
Instruction Scope
Runtime instructions stay within the expected scope: they run git status/diff/add/commit/push, may run a repository-local workflow check script or `npm run workflow:check`, and use `gh pr create` to create/update PRs. The steps include sensible safeguards (avoid git add . by default, block commits if review failed, disallow direct push to main/master). The instructions do not request unrelated system files or exfiltrate data to unknown endpoints; external network activity is limited to standard Git/GitHub operations.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there is no installer or downloaded code to evaluate. That lowers install-time risk. The risk is therefore operational (it will execute local git/gh commands) rather than an install-time risk.
Credentials
The skill declares no required environment variables or primary credential, but it implicitly depends on local git credentials and GitHub authentication for `git push` and `gh pr create`, and possibly on npm for repo checks. The omission means the skill will rely on whatever credentials are present in the agent environment (SSH keys, saved git creds, or GH CLI auth). That lack of explicit declaration is a proportionality/information problem: users may not realize the skill will exercise existing credentials with push/PR privileges.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not modify other skills or system-wide settings. It requires the usual runtime permission to run git/gh commands in the repository context; autonomous invocation is allowed by default but is not itself flagged here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install peter-commit-ops - After installation, invoke the skill by name or use
/peter-commit-ops - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
- 新增完整执行流程和适用场景文档,详细说明 peter-commit-ops 的功能与护栏规范。
- 明确支持从“可提交”改动自动完成 commit、推送分支、创建/汇报 PR 的串行自动化。
- 增加多步前置检查(如工作区是否有变更、审查门禁、分支策略)和风险高亮输出。
- 明确输出标准与失败/阻塞场景的提示方式。
- 巩固与 peter-code-review、peter-ci-gate、peter-pr-ops 的衔接流程与交接规范。
Metadata
Frequently Asked Questions
What is Peter Commit Ops?
提交与建 PR 桥接自动化。负责将“可提交”改动落成 commit、推送分支并创建 PR,衔接 peter-code-review 与 peter-pr-ops。用于用户提到“帮我提交”“推分支”“创建 PR”“从 review 到 merge 串起来”等场景。 It is an AI Agent Skill for Claude Code / OpenClaw, with 407 downloads so far.
How do I install Peter Commit Ops?
Run "/install peter-commit-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Peter Commit Ops free?
Yes, Peter Commit Ops is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Peter Commit Ops support?
Peter Commit Ops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Peter Commit Ops?
It is built and maintained by chinasilva (@chinasilva); the current version is v1.1.0.
More Skills