
Repo Onboarding

by Broedkrummen · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
420 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install repo-onboarding
Description
Onboard a repo by assessing architecture and dependencies, setting up roadmap and kanban for execution, and generating a comprehensive onboarding report.
Usage Guidance
This skill tells your agent to run Python/bash scripts that are not included and are referenced by absolute paths in another user's home directory — those scripts could execute anything on your machine. Before installing or running:
  1. Inspect the exact scripts referenced (/home/.../senior-architect and repo-kanban-pm) to confirm their safe behavior.
  2. Ensure the scripts exist in a trusted location (prefer relative paths inside the repo or bundle the scripts with the skill).
  3. Require and document needed binaries (python, bash) and any env vars those scripts need.
  4. Do not run the add_daily_pm_cron.sh step until you review what it writes to crontab.
  5. Run first in an isolated environment or CI job with limited privileges.
If you cannot review the referenced scripts, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: repo-onboarding
Version: 0.1.0
The skill bundle is classified as suspicious primarily due to the instruction in `SKILL.md` to execute `add_daily_pm_cron.sh`, which creates a cron job. While presented as an 'Optional daily PM audit', the ability to establish persistence via cron is a high-risk capability. This action, even if intended for a legitimate purpose, introduces a significant vulnerability risk if the underlying script or the agent's interpretation could be exploited for unauthorized execution or persistence. The skill also relies on executing other external scripts from absolute paths within the OpenClaw workspace, making its security dependent on those external components.
Capability Assessment
Purpose & Capability
The skill claims to onboard repos, which is reasonable, but its instructions depend on other skills' scripts located at hard-coded absolute paths (/home/broedkrummen/.openclaw/.../senior-architect and repo-kanban-pm). Those scripts are not included in the package, and the skill declares no required binaries (e.g., python, bash). Requiring external, undisclosed scripts at specific user-home paths is disproportionate to the stated purpose and breaks expected packaging assumptions.
Instruction Scope
Runtime instructions tell the agent to execute Python and bash scripts outside the repository (absolute user-home paths) and to write files into the repo. This gives the skill the ability to run arbitrary code on the host. The optional cron-install step (add_daily_pm_cron.sh) further modifies system state. The SKILL.md does not provide fallbacks that safely limit execution (it only suggests a manual fallback if scripts fail).
Install Mechanism
There is no install spec (instruction-only), which minimizes package installation risk. However, the lack of bundled code combined with instructions to run external scripts means the skill assumes presence of other local skills/files. That mismatch elevates risk despite the absence of an install step.
Credentials
The skill declares no required environment variables, yet it invokes Python and Bash scripts that may themselves require secrets or service tokens. The SKILL.md does not document expected environment inputs for the referenced scripts. Additionally, the optional cron command accepts an --agent argument ("cody") which could implicitly reference agent tooling or credentials not disclosed.
Persistence & Privilege
always:false (good), but the instructions include an optional script to add a daily cron job which would create persistent system behavior outside the repo. Because the skill can cause persistent changes (crontab) and execute arbitrary external scripts, it demands careful review before use.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install repo-onboarding
  3. After installation, invoke the skill by name or use /repo-onboarding
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: combines architecture intake and repo kanban PM onboarding workflow.
Metadata
Slug repo-onboarding
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Repo Onboarding?

Onboard a repo by assessing architecture and dependencies, setting up roadmap and kanban for execution, and generating a comprehensive onboarding report. It is an AI Agent Skill for Claude Code / OpenClaw, with 420 downloads so far.

How do I install Repo Onboarding?

Run "/install repo-onboarding" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Repo Onboarding free?

Yes, Repo Onboarding is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Repo Onboarding support?

Repo Onboarding is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Repo Onboarding?

It is built and maintained by Broedkrummen (@broedkrummen); the current version is v0.1.0.
