← Back to Skills Marketplace
135
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install repo-research
Description
GitHub 仓库深度研究与整合分析工具。支持单个/多个仓库研究、与本地项目对比分析、启发式整合建议。支持主题驱动搜索模式:自动搜索相关仓库、克隆、分析并生成报告。克隆远程仓库到本地 research/ 目录,进行深度代码分析、架构评估、依赖解析,并生成结构化研究报告。触发条件:用户提供 GitHub URL 请...
Usage Guidance
This skill appears to do what it claims: clone GitHub repositories, analyze their code, and produce reports. Before running it, consider the following: (1) It assumes git and Python (python3) are available though these are not declared — ensure those binaries exist. (2) It will create directories and clone code into the configured output_dir (defaults to ./research or your current working directory) — run it from a directory where writing/cloning is safe, or set output_dir to a sandbox. (3) If you use the 'compare with local path' mode, the skill will read arbitrary local files at the path you provide — only supply directories you trust. (4) The skill may call platform commands like /skill-manager or /find-skills when using theme search; those commands are platform-specific and may prompt additional installs. (5) Review scripts/security.py (included) to understand what the built-in security checks look for. (6) As a general precaution, do not execute code from cloned repositories; the skill appears to analyze files but not run repository code — still review before running anything from the cloned repos. If you want stricter assurance, run the skill in an isolated environment (container or VM) and inspect scripts/security.py and scripts/* for any unexpected subprocess invocations before use.
Capability Analysis
Type: OpenClaw Skill
Name: repo-research
Version: 0.7.0
The repo-research skill bundle is a comprehensive tool for automated GitHub repository analysis, including architectural mapping, code quality metrics, and security auditing. The bundle contains several specialized Python scripts (architecture.py, quality.py, security.py) that perform static analysis on cloned repositories to generate detailed research reports. Notably, the security module (scripts/security.py) implements extensive regex-based detection for common vulnerabilities, hardcoded secrets, and prompt injection attacks in target repositories. The tool's behavior, including its dependency management and configuration logic (scripts/config.py), is transparently documented and aligns strictly with its stated purpose of providing project insights and security evaluations.
Capability Assessment
Purpose & Capability
Name/description match the code and instructions: it clones GitHub repos, analyzes code, and produces reports. However the SKILL.md assumes runtimes/commands (git, python3, /skill-manager, /find-skills) that are not declared in the skill's required binaries list — a small coherence gap: the skill will realistically require git and Python to be present.
Instruction Scope
Runtime instructions explicitly clone remote repositories into an output directory and read repository files for analysis (README, package files, source). The skill also supports a mode that compares remote repos with a user-supplied local path (which will read local files). Those behaviours are expected for this purpose but grant the skill broad read/write access to the agent's current working directory and any local path the user provides. SKILL.md also instructs possibly installing and calling the find-skills skill via platform commands (e.g., /skill-manager), which may not exist on all hosts.
Install Mechanism
No install spec is included and the package is instruction + script files only. Nothing is downloaded from arbitrary URLs during install. This is lower-risk than remote-download installers. The SKILL.md does instruct invoking platform-specific managers to install an optional dependency (find-skills) if the user requests theme search.
Credentials
The skill does not request any environment variables, secrets, or external credentials. The config system supports environment-variable overrides for output_dir and clone depth which is reasonable. The security module is designed to scan repositories for sensitive-file references (e.g., ~/.ssh, ~/.aws) but that is analysis of cloned repos rather than requesting credentials itself.
Persistence & Privilege
always is false and the skill does not request permanent inclusion. It writes analysis output and cloned repositories into a configurable output directory (defaults to ./research or as configured). This file-system write/read behaviour is expected for the stated purpose and does not modify other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install repo-research - After installation, invoke the skill by name or use
/repo-research - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.7.0
GitHub 仓库深度研究与整合分析工具
Metadata
Frequently Asked Questions
What is Repo Research?
GitHub 仓库深度研究与整合分析工具。支持单个/多个仓库研究、与本地项目对比分析、启发式整合建议。支持主题驱动搜索模式:自动搜索相关仓库、克隆、分析并生成报告。克隆远程仓库到本地 research/ 目录,进行深度代码分析、架构评估、依赖解析,并生成结构化研究报告。触发条件:用户提供 GitHub URL 请... It is an AI Agent Skill for Claude Code / OpenClaw, with 135 downloads so far.
How do I install Repo Research?
Run "/install repo-research" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Repo Research free?
Yes, Repo Research is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Repo Research support?
Repo Research is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Repo Research?
It is built and maintained by xierluo (@cat-xierluo); the current version is v0.7.0.
More Skills