rn-bundle-to-github
by lvtong199881 · v1.0.0 · MIT-0
Downloads: 120 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install rn-bundle-to-github
Description
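A complete workflow for publishing React Native bundles to GitHub. Activate it when a React Native project needs to be bundled and published to a GitHub Release. Includes: (1) initializing the RN project's release configuration, (2) using publish.sh to automatically publish release/debug versions, (3) generating ... containing And...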
Usage Guidance
This skill appears to do what it says (build and publish React Native bundles) but has two red flags: (1) it tells you to download and execute a remote publish.sh from a third-party GitHub repo without providing the script for inspection, and (2) it instructs storing a repo-scoped GitHub token in ~/.github_token even though the package metadata declares no credentials. Before using: inspect the exact publish.sh content (don't run it blindly), prefer using a short-lived or least-privilege PAT (or a CI secret/GITHUB_TOKEN) rather than a persistent file in your home, verify the raw URL and prefer pinned releases/checksums or vendor the script into your repo, test in a throwaway repository or container, and ensure the token only has the minimal scopes required. If you can't review the script or trust its author, do not run it.
Capability Analysis
Type: OpenClaw Skill
Name: rn-bundle-to-github
Version: 1.0.0
The skill bundle instructs the OpenClaw agent to download and execute a remote shell script from a personal GitHub repository (lvtong199881/MyRNApp) and requires the user to store a GitHub Personal Access Token in a plaintext file (~/.github_token). This 'curl-to-shell' pattern from an unverified third-party source, combined with the requirement for local credential storage, presents a high risk for supply chain attacks and credential theft, even though the stated purpose is a React Native deployment workflow. (File: SKILL.md)
Capability Assessment
Purpose & Capability
The skill's purpose (build RN bundles and publish them to GitHub Releases) aligns with the steps described (bundle generation, tag creation, changelog, GitHub API upload). However, the package/registry metadata declares no required credentials or env vars while the runtime instructions explicitly require a GitHub personal access token stored at ~/.github_token. That mismatch (declared requirements = none vs. instructions requiring a token) is inconsistent and should have been declared.
Instruction Scope
SKILL.md instructs downloading a remote publish.sh and executing it (curl -> chmod +x -> ./publish.sh), writing a token file to ~/.github_token, modifying package.json, committing and pushing git changes, creating tags/releases, and uploading assets. All of those steps are within the stated publishing scope, but the instructions give no embedded script to review and ask the user to store an access token in a file — both increase risk. The raw URL used to fetch publish.sh is third‑party and atypically formatted (includes 'refs/heads'); the script content is not bundled or audited.
Install Mechanism
There is no formal install spec in the registry, but the instructions download an executable script from raw.githubusercontent.com and run it. Downloading and executing an external script from an arbitrary third‑party repository is high risk because the code will run on the developer's machine; the skill provides no checksum, pinned release, or inlined script for review.
Credentials
Although the registry metadata lists no required env vars or primary credential, the documentation requires a GitHub Personal Access Token with 'repo' scope and tells the user to create ~/.github_token. Requesting a repo-scoped token is proportionate to creating/updating releases, but the omission from declared requirements is inconsistent and the recommended storage (plaintext file in home directory) is a weaker practice than using an environment variable or CI secret. The skill does not request other unrelated credentials.
Persistence & Privilege
The skill is instruction-only, does not request always:true, and does not claim to modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform defaults but is not combined with other unusually broad privileges in the manifest.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install rn-bundle-to-github
- After installation, invoke the skill by name or use /rn-bundle-to-github
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of rn-bundle-to-github: a complete workflow for bundling and publishing React Native projects to GitHub Releases.
- Automates RN project release configuration, bundle generation (Android/iOS), version incrementing, and changelog creation.
- Includes publish.sh script for streamlined release (production) and debug (prerelease) publishing.
- GitHub Releases are used for version management, rollback, and hot update delivery.
- Documentation covers setup, release flow, versioning rules, API integration, troubleshooting, and optimization tips.
Frequently Asked Questions
What is rn-bundle-to-github?
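A complete workflow for publishing React Native bundles to GitHub. Activate it when a React Native project needs to be bundled and published to a GitHub Release. Includes: (1) initializing the RN project's release configuration, (2) using publish.sh to automatically publish release/debug versions, (3) generating ... containing And... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.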
How do I install rn-bundle-to-github?
Run "/install rn-bundle-to-github" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is rn-bundle-to-github free?
Yes, rn-bundle-to-github is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does rn-bundle-to-github support?
rn-bundle-to-github is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created rn-bundle-to-github?
It is built and maintained by lvtong199881 (@lvtong199881); the current version is v1.0.0.