← Back to Skills Marketplace
433
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install repomix-explorer
Description
Use this skill when the user wants to analyze or explore a codebase (remote repository or local repository) using Repomix. Triggers on: 'analyze this repo',...
Usage Guidance
This skill appears to do what it says: run Repomix to pack a repo and analyze the output. Before installing/using it, consider: (1) npx repomix@latest will fetch and execute code from the npm registry — if you want stronger guarantees, pin a specific repomix version (e.g., [email protected]) or install/inspect the CLI yourself; (2) the agent will read repository files and any generated output in /tmp or the working directory — do not run it on repositories containing secrets you don't want to expose; (3) run the skill in a sandbox/container if you are worried about executing third-party code; (4) verify the repomix package source (npm package page, GitHub repo, checksum) if you need higher assurance. If you control the environment, manually installing and vetting repomix before allowing the agent to run it reduces risk.
Capability Analysis
Type: OpenClaw Skill
Name: repomix-explorer
Version: 0.1.0
The skill instructs the AI agent to execute shell commands (`npx repomix@latest`, `grep`) with parameters directly derived from user input (e.g., repository names, local paths, output paths, include/ignore patterns). The `SKILL.md` instructions do not include explicit directives for input sanitization, which creates a significant shell injection vulnerability. A malicious user could craft inputs containing shell metacharacters to execute arbitrary commands or write files to unintended locations. While the skill's stated purpose is benign and there is no evidence of intentional malicious behavior (such as data exfiltration or persistence), the lack of input sanitization for shell commands makes it suspicious.
Capability Assessment
Purpose & Capability
Name/description match the instructions: the skill tells the agent to run the Repomix CLI (via npx) to pack and analyze repositories, and to read the produced output for analysis. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to run shell commands (npx repomix@latest) and to read generated output files (usually in /tmp or ./repomix-output.xml). This stays within the stated purpose (analyzing remote or local repos). However, allowing shell execution and arbitrary file reads means the agent will access repository contents and any generated output; ensure the user expects the agent to read the repo and any sensitive files it may contain.
Install Mechanism
This is an instruction-only skill with no install spec, but the runtime commands use `npx repomix@latest`, which downloads and executes code from the npm registry. Using npx/@latest is convenient but can execute arbitrary code from a third-party package at runtime — a normal supply-chain risk for CLI tools. No archive downloads from untrusted URLs are present.
Credentials
No environment variables, credentials, or config paths are requested. The required surface is proportional to the stated purpose (analyzing repositories).
Persistence & Privilege
The skill does not request persistent/always presence; default autonomy is allowed (platform default). It does not propose modifying other skills or system-wide settings. Output files are written to /tmp or local working directory per the instructions.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install repomix-explorer - After installation, invoke the skill by name or use
/repomix-explorer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of repomix-explorer: a skill for analyzing codebases with Repomix.
- Supports analysis of both remote and local code repositories using the Repomix CLI.
- Automates selection of Repomix commands, output formats, and compression options based on user intent.
- Guides workflow from repository packing, through output file analysis (using grep and pattern search), to clear summaries and actionable insights.
- Includes best practices for efficient exploration, output management, and typical search patterns for code structure, metrics, and pattern discovery.
- Offers example workflows to help users get started quickly with common codebase analysis tasks.
Metadata
Frequently Asked Questions
What is Repomix Explorer?
Use this skill when the user wants to analyze or explore a codebase (remote repository or local repository) using Repomix. Triggers on: 'analyze this repo',... It is an AI Agent Skill for Claude Code / OpenClaw, with 433 downloads so far.
How do I install Repomix Explorer?
Run "/install repomix-explorer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Repomix Explorer free?
Yes, Repomix Explorer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Repomix Explorer support?
Repomix Explorer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Repomix Explorer?
It is built and maintained by kongyo2 (@kongyo2); the current version is v0.1.0.
More Skills