Repo Analyzer

by Don-GBot · GitHub ↗ · v1.2.0
cross-platform · ⚠ suspicious
Downloads: 1176 · Stars: 0 · Active Installs: 7 · Versions: 3
Install in OpenClaw
/install repo-analyzer
Description
GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project...
Usage Guidance
This skill implements a plausible GitHub repo analyzer, but there are notable red flags to weigh before installing or running it:
- Credential handling: the skill expects a GITHUB_TOKEN but the registry metadata does not declare it; SKILL.md even tells you to source ~/.bashrc or grep the token out of that file. Do NOT store long-lived tokens in shell rc files or extract them from there for a third-party tool. Prefer passing a token via the --token flag, and use a short-lived token with minimal scopes (for analyzing public repositories, a fine-grained PAT with read-only access to public repos is enough).
- Local file access: the documentation instructs reading ~/.bashrc. That is a direct local file read that will expose every other secret in the file if you follow the provided commands. Do not run those source/grep commands unless you know exactly what the file contains.
- Child process execution: the code runs external CLIs (bird, gh) through child_process.execSync and forwards the full environment. Any CLI it invokes, whether the genuine binary or a malicious replacement earlier on PATH, receives your environment, tokens included. Run it only in an isolated environment, or confirm the CLIs are trustworthy first.
- Auto-triggering on pasted tweets: the skill fetches tweet content automatically and includes it in reports. If you paste a private or sensitive URL, the skill may fetch that text and copy it into its output.
- Mitigations: inspect the full analyze.js locally, run the tool in an isolated container or VM, use a minimal-scope GitHub PAT (or a read-only token), keep tokens out of ~/.bashrc, and do not let the skill auto-run on arbitrary pasted content. For higher assurance, ask the author for clearer metadata (a declared GITHUB_TOKEN requirement) and for options to disable external CLI invocation and tweet auto-triggering.
Capability Analysis
Type: OpenClaw Skill
Name: repo-analyzer
Version: 1.2.0
The skill is classified as suspicious for two reasons. First, `SKILL.md` explicitly instructs the AI agent to read the user's `~/.bashrc` file to extract a `GITHUB_TOKEN` (`GITHUB_TOKEN="$(grep GITHUB_TOKEN ~/.bashrc | cut -d'"' -f2)"`). Although the intent is to supply the token the skill needs, this is a skill-authored instruction that directs the agent to read a local file holding secrets, and it is flagged as a prompt injection vulnerability: an agent that follows it reads the whole file, not just one variable. Second, `scripts/analyze.js` uses `child_process.execSync` to run external CLI tools (`bird` and `yara`). That is a powerful capability which, while currently used for legitimate security analysis, becomes a shell injection if any untrusted input (a repo or tweet URL) is interpolated into the command string without sanitization, and which hands the forwarded environment to the external tools should they themselves be compromised.
Capability Assessment
Purpose & Capability
The README/SKILL.md clearly describes a GitHub repo trust scorer and the bundled scripts implement that. However the skill declares no required environment variables while the docs state 'CRITICAL: Always run with GITHUB_TOKEN loaded' and the code uses process.env.GITHUB_TOKEN. The SKILL.md also claims 'zero external dependencies' but the runtime optionally invokes external CLIs (bird, gh) and the code expects Node.js 18+. There's a version mismatch (registry metadata 1.2.0 vs package.json 1.1.1). These mismatches (missing declared env, undeclared external CLI reliance) are disproportionate to the stated metadata and reduce coherence.
Instruction Scope
SKILL.md explicitly instructs sourcing ~/.bashrc and even gives a grep snippet to extract GITHUB_TOKEN from that file — that directs the agent/user to read a local shell config file containing secrets. The skill also auto-triggers on pasted X/Twitter URLs and instructs the agent to 'ALWAYS include the tweet text/context', and the code will try to read tweets via a local 'bird' CLI or public syndication endpoints. The instructions therefore request local secrets and run shell commands to fetch external content; this goes beyond simply calling the GitHub API to analyze a repo and grants broad discretion to access local files and run arbitrary CLIs.
Install Mechanism
There is no install spec (instruction-only at registry level) but the package bundle contains multiple scripts and supporting files. No external downloads or archive extraction are used — code is present in the skill bundle. That keeps the install risk low, but the presence of runnable scripts means installing/executing them will run code on the host.
Credentials
The skill requests no env vars in metadata but both SKILL.md and scripts expect GITHUB_TOKEN for full functionality. Moreover, the SKILL.md instructs users to source ~/.bashrc and extract the token from there. The code executes external CLIs via child_process.execSync while passing process.env, so any invoked CLI (bird, gh, etc.) would receive the agent's environment including secrets. Requiring an unrestricted PAT without guidance on minimal scopes and instructing reading ~/.bashrc is disproportionate and potentially exposes sensitive credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It is user-invocable and can be invoked autonomously (disable-model-invocation:false), which is normal and not by itself a red flag. Auto-trigger behavior on pasted X/Twitter URLs is a functional choice but increases privacy exposure (tweet text and extracted links will be fetched).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install repo-analyzer
  3. After installation, invoke the skill by name or use /repo-analyzer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Scoring improvements: (1) New-repo hard caps now scale with hygiene signals — repos with tests, CI, license, security policy, docs can break through the 55 cap. (2) Suspicious account penalty reduced when repo has strong hygiene (4+ signals). (3) High commit frequency warning disabled for repos <7 days old. (4) Agent safety PASS raises cap ceiling for new repos. (5) Added crypto/DeFi domain allowlist: DEX APIs (DexScreener, Jupiter, Uniswap, Raydium, etc), launchpads (Virtuals, Clanker, Bankr, pump.fun, Doppler, Flaunch), social proxies (fxtwitter, nitter), sports data (ESPN, NBA), odds APIs, and funding links (Patreon, OpenCollective).
v1.1.1
Remove test artifacts, add .gitignore, clean package
v1.1.0
Trust scoring, batch scan, X/Twitter auto-extract, improved scoring weights
Metadata
Slug repo-analyzer
Version 1.2.0
License
All-time Installs 8
Active Installs 7
Total Versions 3
Frequently Asked Questions

What is Repo Analyzer?

GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project... It is an AI Agent Skill for Claude Code / OpenClaw, with 1176 downloads so far.

How do I install Repo Analyzer?

Run "/install repo-analyzer" in the OpenClaw or Claude Code chat to install it in one step. Note that full functionality expects a GITHUB_TOKEN even though the metadata does not declare one; see Usage Guidance for how to supply it safely.

Is Repo Analyzer free?

Yes, Repo Analyzer is free to download, install and use. The listing's License field is empty, so check the GitHub repository for the actual license terms before relying on the open-source claim.

Which platforms does Repo Analyzer support?

Repo Analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available; the bundled scripts expect Node.js 18+.

Who created Repo Analyzer?

It is built and maintained by Don-GBot (@don-gbot); the current version is v1.2.0.
