← Back to Skills Marketplace
biuyx

MacClaw Copilot CLI

by Zip.Wu · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
499
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install macclaw-copilot-cli
Description
GitHub Copilot CLI - AI 代码分析
README (SKILL.md)

MacClaw Copilot CLI

使用 GitHub Copilot CLI 分析代码。

安装

brew install copilot-cli

使用

COPILOT_GITHUB_TOKEN=$(cat ~/.copilot/github_token.txt) copilot -p "你的问题"
Usage Guidance
This is an instruction-only Copilot CLI helper and is broadly consistent with its purpose, but it instructs the agent to read a local file (~/.copilot/github_token.txt) to obtain your COPILOT_GITHUB_TOKEN while not declaring that credential — treat this as a transparency issue. Before installing or using: (1) verify you trust the copilot-cli package from Homebrew and confirm its origin; (2) avoid storing tokens in plaintext files where possible — use the platform's secret store or an environment variable set by you at runtime; (3) if you must use a file-stored token, create a dedicated token with the minimal scopes needed and restrict file permissions; (4) prefer to supply the token via your agent platform's secret mechanism rather than letting an agent run cat on your home directory. If you want stronger assurance, ask the skill author to declare the required credential in metadata and to provide a safer authentication example (prompting the user or using a secret store) instead of reading a file path.
Capability Analysis
Type: OpenClaw Skill Name: macclaw-copilot-cli Version: 1.0.2 The skill is classified as suspicious due to its direct access to a sensitive credential file (`~/.copilot/github_token.txt`) within `SKILL.md`. While this action is plausibly needed for the stated purpose of using the GitHub Copilot CLI, accessing credential files represents a risky capability. There is no evidence of malicious intent such as exfiltration or unauthorized use of the token, but the direct handling of sensitive data elevates it beyond benign.
Capability Assessment
Purpose & Capability
Name/description (GitHub Copilot CLI — code analysis) aligns with the SKILL.md which instructs installing and running copilot. However, the runtime example requires a COPILOT_GITHUB_TOKEN read from ~/.copilot/github_token.txt but the skill metadata does not declare any required environment variables or credentials — an omission that reduces transparency.
Instruction Scope
The SKILL.md tells the agent to read a local credential file (cat ~/.copilot/github_token.txt) and set COPILOT_GITHUB_TOKEN before invoking copilot. That is practically necessary to authenticate the Copilot CLI, but it explicitly directs access to a user filesystem path containing sensitive credentials. The instructions do not provide safer alternatives (e.g., use a platform secret store or prompt the user).
Install Mechanism
No install spec is embedded in the skill (instruction-only). The README recommends using Homebrew (brew install copilot-cli), which is a standard package manager and an expected way to install the CLI — low risk compared to arbitrary downloads.
Credentials
Requiring a GitHub Copilot token is proportionate to the stated purpose. However, the skill fails to declare this credential in its metadata and instead hard-codes an example that reads a local token file. The lack of declared env vars reduces transparency and could lead to unintended credential exposure if an agent follows the example automatically.
Persistence & Privilege
The skill does not request persistent presence (always is false), does not include install actions in the bundle, and does not modify other skills' configurations. No elevated persistence privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install macclaw-copilot-cli
  3. After installation, invoke the skill by name or use /macclaw-copilot-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
更新版本
v1.0.1
修复发布配置
v1.0.0
初始版本 - GitHub Copilot CLI 代码分析和探索工具
Metadata
Slug macclaw-copilot-cli
Version 1.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is MacClaw Copilot CLI?

GitHub Copilot CLI - AI 代码分析. It is an AI Agent Skill for Claude Code / OpenClaw, with 499 downloads so far.

How do I install MacClaw Copilot CLI?

Run "/install macclaw-copilot-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MacClaw Copilot CLI free?

Yes, MacClaw Copilot CLI is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MacClaw Copilot CLI support?

MacClaw Copilot CLI is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MacClaw Copilot CLI?

It is built and maintained by Zip.Wu (@biuyx); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments