← Back to Skills Marketplace
46
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install yihui-github-monitor
Description
Monitor multiple GitHub repos with configurable alert policies for releases, PRs, and security, sending low-noise notifications via scheduled cron jobs.
Usage Guidance
This skill appears to be a legitimate GitHub monitor, but there are gaps between what it says it will do and what it declares it needs. Before installing, confirm these points with the author or your admin:
- Where will the state file be stored? Prefer a workspace-scoped, non-root path you control; prevent writing to arbitrary /root paths.
- How are notifications delivered? Ask which notify_target mapping the platform provides and whether you must supply Slack/Telegram/Feishu/Discord tokens; require explicit documentation and least-privileged tokens for messaging.
- Will you provide a GitHub token? Monitoring many repos typically needs an authenticated token to avoid rate limits — only grant a token with repo:public_repo scope (or narrower) and rotate it periodically.
- Verify that the agent will not backfill historical events (SKILL.md says it should not); confirm initial-run behavior in practice.
If the author can update the skill metadata to declare required config paths and env vars (and allow configuring a non-root state path), the mismatches would be resolved. If you cannot get that assurance, treat the skill as higher risk and restrict its filesystem and credential access.
Capability Analysis
Type: OpenClaw Skill
Name: yihui-github-monitor
Version: 1.0.0
The skill is a well-defined GitHub repository monitor designed for OpenClaw. It provides clear instructions for an AI agent to track releases, commits, and PRs using public APIs, with logic for severity scoring and state management to prevent notification noise. No indicators of malicious intent, data exfiltration, or unauthorized execution were found in SKILL.md or _meta.json.
Capability Assessment
Purpose & Capability
Name/description and SKILL.md align: it is a GitHub repo monitor that polls the GitHub API and sends notifications. However, the skill expects persistent state storage (a state_file path is suggested under /root/.openclaw/...) and delivery to notify targets (telegram/slack/feishu/discord/channel) but the registry metadata declares no required config paths or credentials. Those capabilities are plausible for this purpose but the lack of declared filesystem access and credentials is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to read/write persistent state (installed_at, last_checked_at, last_notified_at, pending_daily) and to initialize state on first-run. It also recommends sending degradation/recovery alerts and delivering notifications to various channel types. Those are within the monitor's scope, but the instructions hard-code an example path under /root and assume the agent can persist and deliver notifications without describing how authentication for GitHub or messaging channels is obtained. The skill does not instruct reading unrelated system files or secrets, but it does require write access to a filesystem location that may be privileged.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal on-disk installation risk. Nothing is downloaded or written by an install step itself; the runtime instructions cause state writes, which is expected behavior for a monitor.
Credentials
Registry metadata declares no required env vars/credentials, but practical operation likely needs: (a) a GitHub token to avoid strict public rate limits when monitoring many repos, and (b) credentials or channel tokens to post to external messaging services. The SKILL.md mentions multiple notification backends but provides no guidance or declared requirements for their credentials. This mismatch could lead to the agent storing or using credentials outside expected metadata or attempt unauthenticated calls with degraded behavior.
Persistence & Privilege
The skill requests persistent state via a state_file and recommends a path under /root/.openclaw/workspace/memory/..., but it does not request always:true or elevated platform privileges. Persisting state is reasonable for deduplication and digests, but using /root paths may be inappropriate on multi-tenant systems. The skill does not request modifying other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install yihui-github-monitor - After installation, invoke the skill by name or use
/yihui-github-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is YiHui GITHUB MONITOR?
Monitor multiple GitHub repos with configurable alert policies for releases, PRs, and security, sending low-noise notifications via scheduled cron jobs. It is an AI Agent Skill for Claude Code / OpenClaw, with 46 downloads so far.
How do I install YiHui GITHUB MONITOR?
Run "/install yihui-github-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is YiHui GITHUB MONITOR free?
Yes, YiHui GITHUB MONITOR is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does YiHui GITHUB MONITOR support?
YiHui GITHUB MONITOR is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created YiHui GITHUB MONITOR?
It is built and maintained by 辉哥 (@1yihui); the current version is v1.0.0.
More Skills