openclaw-gitcode-pr-monitor
by mingyang1996 · v0.1.2 · MIT-0
280 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install openclaw-gitcode-pr-monitor
Description
Monitor GitCode PRs for one or more repos, auto-run AI review via OpenClaw Gateway, post PR comments, and send notifications (DingTalk + WeCom).
Usage Guidance
This package looks like a legitimate GitCode PR monitor and reviewer, but the published metadata is incomplete. Before installing or running it:
- Verify you have an official OpenClaw CLI binary and confirm that the OPENCLAW_CMD used by the scripts points to a trusted binary. The scripts call `openclaw message send` and `openclaw agent`, which transmit content externally.
- Provide and protect the GitCode token: the scripts expect $HOME/.openclaw/workspace/data/gitcode-token.txt. Ensure this file is readable only by the intended user (chmod 600) and stored in a secure workspace.
- Confirm you want automatic posting of comments and notifications. The `submit-pr-comment.sh` script posts the full generated report as a PR comment using your GitCode token.
- Ensure required helper binaries are present (curl, jq). The metadata doesn't declare them.
- Inspect ~/.openclaw/openclaw.json and your OpenClaw messaging channel configurations so the TARGET_WECOM/TARGET_DINGTALK bindings do what you expect and do not leak reports to unintended recipients.
- Because the metadata omitted required credentials/config paths and required binaries, treat this package as 'suspicious' until you confirm and secure the above items. If you need higher assurance, request the publisher to update the skill metadata to declare required env vars, credentials, and binaries (GitCode token, openclaw CLI, notification targets) and to document expected network endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-gitcode-pr-monitor
Version: 0.1.2
The skill bundle provides a legitimate pipeline for monitoring GitCode Pull Requests and performing automated AI-driven code reviews. It consists of shell scripts (`monitor-gitcode-pr.sh`, `code-review-robust.sh`, `submit-pr-comment.sh`) that poll the GitCode API, trigger the OpenClaw agent to analyze code diffs, and post the resulting reports back to the PR and notification channels like DingTalk and WeCom. The scripts handle authentication via a local token file and implement standard operational features like session isolation and file-based locking. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The scripts implement a GitCode PR monitor + reviewer and use the GitCode API, OpenClaw CLI, and notification channels (DingTalk/WeCom) — which fits the stated purpose — but the registry metadata lists no required env vars, credentials, or binaries. In practice the skill expects: a GitCode token file ($HOME/.openclaw/workspace/data/gitcode-token.txt), an OpenClaw CLI binary (OPENCLAW_CMD or openclaw in PATH), curl and jq, and notification targets (TARGET_DINGTALK / TARGET_WECOM). Those were not declared in the skill metadata and should have been.
Instruction Scope
The SKILL.md and scripts stay within the described purpose: polling GitCode APIs, invoking an OpenClaw agent to produce a Markdown report, posting comments to GitCode, and sending notifications. The instructions reference concrete files/paths (workspace data, logs, lockfiles, ~/.openclaw/openclaw.json for WeCom channel) and call external endpoints (gitcode.com and OpenClaw messaging). Nothing in the scripts asks for unrelated host data, but they do assume access to workspace files and the local openclaw CLI.
Install Mechanism
No install spec or remote downloads are present; the package is script-based and writes nothing during 'install'. Risk is limited to runtime behavior of the scripts rather than an installer fetching arbitrary code.
Credentials
The scripts require a GitCode PRIVATE-TOKEN (stored in a file) and notification target env vars, and they expect a wecom-app channel configuration in ~/.openclaw/openclaw.json. The registry metadata listed none of these credentials or config paths. Requiring a GitCode token is reasonable for the purpose, but the omission in metadata is an inconsistency and increases the chance that the user will miss that a sensitive secret must be supplied and protected.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It writes state, logs, and reports under the OpenClaw workspace (normal for a monitor) and uses /tmp lockfiles; these are expected for a cron-run monitor.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install openclaw-gitcode-pr-monitor`
- After installation, invoke the skill by name or use `/openclaw-gitcode-pr-monitor`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
Further sanitize package: remove hardcoded repo defaults and absolute local install paths; use env-based config and PATH discovery.
v0.1.1
Anonymize default repo names (remove real wifi/dhcp repo identifiers); add env-based repo configuration.
v0.1.0
Initial release: multi-repo GitCode PR monitoring + OpenClaw AI review + DingTalk/WeCom notifications.
Frequently Asked Questions
What is openclaw-gitcode-pr-monitor?
Monitor GitCode PRs for one or more repos, auto-run AI review via OpenClaw Gateway, post PR comments, and send notifications (DingTalk + WeCom). It is an AI Agent Skill for Claude Code / OpenClaw, with 280 downloads so far.
How do I install openclaw-gitcode-pr-monitor?
Run "/install openclaw-gitcode-pr-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is openclaw-gitcode-pr-monitor free?
Yes, openclaw-gitcode-pr-monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does openclaw-gitcode-pr-monitor support?
openclaw-gitcode-pr-monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created openclaw-gitcode-pr-monitor?
It is built and maintained by mingyang1996 (@mingyang1996); the current version is v0.1.2.