← Back to Skills Marketplace
448
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-digest
Description
Generate a structured GitHub repo digest with briefing summary, categorized changes (breaking/major features/minor features/bug fixes), community discussions...
README (SKILL.md)
GitHub Digest
Generate structured, link-rich GitHub repo digests with a briefing overview and categorized details.
Prerequisites
ghCLI authenticated (gh auth status)
Workflow
1. Gather Data
Run these gh commands in parallel for the target repo (default: openclaw/openclaw):
# Recent releases (last 5)
gh release list --repo OWNER/REPO --limit 5
# Latest release notes
gh release view TAG --repo OWNER/REPO --json body --jq '.body'
# Recently merged PRs (last 30)
gh pr list --repo OWNER/REPO --state merged --limit 30 \
--json number,title,author,mergedAt,labels \
--jq '.[] | "[\(.mergedAt[:10])] #\(.number) \(.title) by @\(.author.login) [\([.labels[].name] | join(","))]"'
# Hot open issues (sorted by comments)
gh issue list --repo OWNER/REPO --state open --limit 30 \
--json number,title,comments,labels \
| jq -r '[.[] | {n:.number,t:.title,c:.comments,l:[.labels[].name]}] | sort_by(.c) | reverse | .[0:15] | .[] | "[\(.c)] #\(.n) \(.t) [\(.l | join(","))]"'
Adjust --limit and time range based on user's request (today / this week / this month).
2. Output Format
Structure the digest in this exact order:
📋 Briefing(总览)
A 3-5 sentence executive summary covering:
- What version was released and when
- Core themes (2-3 keywords, e.g. "安全加固、Plugin SDK 开放、工具能力扩展")
- Most impactful change in one line
- Community pulse (what people are discussing)
- Any breaking changes warning
⚠️ Breaking Changes
List each breaking change with:
- What changed
- Migration action required
- Link to docs if available
Skip this section if none.
🏗️ 重大更新 (Major Features)
Significant new capabilities, architectural changes, new integrations. Each item:
- Bold title:one-line description (#PR)
✨ 小功能 / 改进 (Minor Features)
Group by sub-category when there are many (e.g. "Telegram", "CLI", "Plugin SDK"). Each item:
- One-line description (#PR)
🔧 Bug 修复 (Bug Fixes)
Group by area (e.g. "Channel 修复", "核心/安全", "工具/浏览器"). For channel fixes with 5+ items, use a table:
| Channel | 修复内容 | PR |
|---|---|---|
| Name | Description | #N |
For other fixes, use bullet lists grouped by area.
💬 社区热议 (Community Discussions)
Hot issues sorted by engagement. Each item:
- #N — Title:one-line summary of the discussion
3. Formatting Rules
- Every PR/issue/release MUST have a clickable markdown link
- PR:
[#123](https://github.com/OWNER/REPO/pull/123) - Issue:
[#123](https://github.com/OWNER/REPO/issues/123) - Release:
[vTAG](https://github.com/OWNER/REPO/releases/tag/vTAG)
- PR:
- Use the user's language (detect from their message; default Chinese for Chinese users)
- Bold key terms for scannability
- Omit empty sections silently
- When release notes mention a PR number like
(#12345), always convert to a clickable link - For "Thanks @user" in release notes, link to
https://github.com/user
Usage Guidance
This skill appears to do what it says (produce a GitHub digest), but before using it: 1) confirm you have the gh CLI and jq installed and that the publisher updates the registry metadata to declare those requirements; 2) understand that the skill will run gh commands using whatever account is authenticated in your gh CLI (so it will use your GitHub token/permissions); 3) if you only want public data, test the gh commands manually first to see what they'll return; 4) if concerned about token scope, use a token/account with limited permissions or run on an environment where gh is configured for read-only access; and 5) ask the publisher to clarify the missing metadata (required binaries and whether private-repo access is needed). These steps will reduce risk and resolve the metadata inconsistency.
Capability Analysis
Type: OpenClaw Skill
Name: github-digest
Version: 1.0.0
The skill executes shell commands using the `gh` CLI tool, with parameters like `OWNER/REPO` and `TAG` expected to be dynamically filled, likely from user input. This design introduces a significant shell injection vulnerability (RCE risk) if the AI agent does not rigorously sanitize these inputs before executing the commands. While the commands themselves are intended for legitimate GitHub data retrieval, the lack of explicit input sanitization instructions makes the skill exploitable, classifying it as suspicious due to this critical vulnerability.
Capability Assessment
Purpose & Capability
The name/description (GitHub repo digest) align with the runtime instructions: the workflow uses the GitHub CLI to list releases, PRs, and issues and formats a digest. However, the SKILL.md requires the 'gh' CLI (and uses 'jq' in examples), but the registry metadata declared no required binaries — this mismatch should be resolved.
Instruction Scope
Instructions are narrowly scoped to querying GitHub data (releases, PRs, issues) and formatting results. They require an authenticated 'gh' session (explicitly listed in SKILL.md) and do not instruct the agent to read unrelated local files or send data to endpoints other than GitHub links. The default repo and parallel execution are implementation details but not scope creep.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or written by the skill itself. This lowers installation risk; however, runtime depends on external CLIs being present on the host.
Credentials
The SKILL.md expects an authenticated 'gh' CLI context (which uses the user's GitHub credentials/token), but the skill metadata lists no required credentials or binaries. While using the user's gh auth is appropriate for querying private or authenticated endpoints, the metadata omission is inconsistent and could lead to confusion about what credentials will be used. The examples also use 'jq' but it's not declared.
Persistence & Privilege
The skill does not request persistent privileges (always is false) and has no install hooks. It does rely on the agent executing shell commands (gh); autonomous invocation is allowed by platform default but not otherwise elevated by this skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install github-digest - After installation, invoke the skill by name or use
/github-digest - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: structured GitHub repo digest with briefing, categorized changes, and clickable source links
Metadata
Frequently Asked Questions
What is GitHub Digest?
Generate a structured GitHub repo digest with briefing summary, categorized changes (breaking/major features/minor features/bug fixes), community discussions... It is an AI Agent Skill for Claude Code / OpenClaw, with 448 downloads so far.
How do I install GitHub Digest?
Run "/install github-digest" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is GitHub Digest free?
Yes, GitHub Digest is completely free (open-source). You can download, install and use it at no cost.
Which platforms does GitHub Digest support?
GitHub Digest is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created GitHub Digest?
It is built and maintained by RoggeOhta (@roggeohta); the current version is v1.0.0.
More Skills