← 返回 Skills 市场
twksos

Cnb Cool Git

作者 twksos · GitHub ↗ · v2.0.1 · MIT-0
cross-platform ⚠ suspicious
127
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cnb-cool-git
功能描述
CNB 云原生构建平台的 Git 操作技能。使用 git 和 CNB Open API 进行代码克隆、提交、推送、分支管理、Merge Request 管理、流水线触发、流水线结果读取等操作。首次使用需收集用户的 Git 用户名和邮箱信息。
使用说明 (SKILL.md)

CNB Git Skill

在 CNB(cnb.cool)平台上进行 Git 操作和 API 调用。

认证配置

Token(敏感)— 通过 Gateway secrets 注入(不暴露在日志和配置展示中):

变量名 说明
CNB_COOL_GIT_TOKEN Git 访问令牌,用于 clone/push
CNB_COOL_API_TOKEN API 令牌,用于调用 CNB Open API

⚠️ Token 类型注意:必须使用**经典令牌(Classic Token)**或 REST API 令牌,MCP 读写权限 Token 对 REST API 无效(所有 /-/ 路径返回 404)。

注入方式:在 OpenClaw openclaw.jsonenv.vars 中配置,密钥部分会被脱敏显示。

用户名/邮箱(非敏感)— 写入 .env 文件(放在 /workspace/.env):

CNB_COOL_GIT_USER_NAME=你的Git用户名
CNB_COOL_GIT_USER_EMAIL=你的Git邮箱

同时设置 Git 全局配置:

git config --global user.name "${CNB_COOL_GIT_USER_NAME}"
git config --global user.email "${CNB_COOL_GIT_USER_EMAIL}"

克隆仓库

git clone https://cnb:${CNB_COOL_GIT_TOKEN}@cnb.cool/your-group/your-repo.git

API 基础调用

API 服务地址:https://api.cnb.cool

⚠️ Token 类型注意:CNB 的 MCP Token(MCP 读写权限)不支持 REST API,所有接口均返回 404。必须使用**经典令牌(Classic Token)**或具有 REST API 权限的 Personal Access Token。

# 所有 API 调用都需携带以下两个 Header
curl -H "Authorization: ${CNB_COOL_API_TOKEN}" \
     -H "Accept: application/vnd.cnb.api+json" \
     "https://api.cnb.cool/..."

Merge Request(MR)操作

创建 MR

curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{
    "title": "feat: 功能描述",
    "head": "feature/branch-name",
    "base": "main",
    "body": "变更内容..."
  }' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls"

字段说明:head = 源分支,base = 目标分支(⚠️ 不是 source_branch/target_branch

列出 MR

# 查看所有 MR
curl "https://api.cnb.cool/{owner}/{repo}/-/pulls" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

# 查看指定 MR
curl "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

添加评论

curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{"body": "评论内容"}' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/comments"

提交评审

# APPROVE - 批准
curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{"event": "APPROVE", "body": "LGTM"}' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/reviews"

# REQUEST_CHANGES - 需要改进
curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{"event": "REQUEST_CHANGES", "body": "请修复..."}' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/reviews"

合并 MR

curl -X "PUT" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{
    "merge_method": "merge"
  }' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/merge"

管理标签和评审人

# 添加标签
curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{"labels": ["bug", "high-priority"]}' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/labels"

# 添加评审人
curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{"reviewers": ["username1", "username2"]}' \
  "https://api.cnb.cool/{owner}/{repo}/-/pulls/{number}/reviewers"

Pipeline 构建结果

获取构建历史

curl "https://api.cnb.cool/{owner}/{repo}/-/builds?page=1&page_size=20" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

获取构建详情和日志

# 构建详情
curl "https://api.cnb.cool/{owner}/{repo}/-/builds/{build_id}" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

# 构建日志
curl "https://api.cnb.cool/{owner}/{repo}/-/builds/{build_id}/logs" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

Pipeline 触发

手动触发 Pipeline

# 通过 API 触发流水线
curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -H "Accept: application/vnd.cnb.api+json" \
  -d '{
    "branch": "main",
    "event": "api_trigger",
    "env": {
      "KEY": "value"
    }
  }' \
  "https://api.cnb.cool/{owner}/{repo}/-/trigger"

获取触发器列表

curl "https://api.cnb.cool/{owner}/{repo}/-/triggers" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json"

重新触发构建

curl -X "POST" \
  -H "Authorization: ${CNB_COOL_API_TOKEN}" \
  -H "Accept: application/vnd.cnb.api+json" \
  "https://api.cnb.cool/{owner}/{repo}/-/builds/{build_id}/retry"

关键环境变量

变量名 说明
CNB_REPO_SLUG 仓库路径(group/repo)
CNB_BRANCH 分支名
CNB_COMMIT 提交 SHA
CNB_BUILD_ID 构建流水号
CNB_BUILD_STATUS 构建状态(success/error/cancel)
CNB_PIPELINE_STATUS Pipeline 状态
CNB_BUILD_WEB_URL 构建日志地址
CNB_PULL_REQUEST 是否为 PR 触发
CNB_TOKEN 流水线临时令牌(系统注入)

最佳实践

  • 不要在代码中硬编码访问令牌
  • 使用环境变量或密钥仓库存储敏感信息
  • 定期轮换令牌
  • 不可信事件(PR评论、Issue评论)的流水线权限受限,敏感操作应在可信事件中执行
安全使用建议
What to consider before installing: - Confirm metadata: SKILL.md and _meta.json require two secrets (CNB_COOL_GIT_TOKEN, CNB_COOL_API_TOKEN) and two non-sensitive envs (user name/email), but the registry summary claimed none — ask the publisher to fix the metadata mismatch before trusting automated tooling. - Secrets handling: Do NOT embed tokens in clone URLs. That practice can leak tokens into git config, process lists, shell history, and logs. Prefer using a git credential helper, .netrc with secure permissions, or authenticated HTTPS that prompts from a credential store. Verify how OpenClaw's Gateway secrets are injected and that they are never printed or stored in logs. - Limit token scope: Use the least-privilege token possible (prefer specific REST/API scopes, avoid wide MCP tokens if not needed). Confirm token type requirements and that the tokens cannot be reused elsewhere. - Avoid global changes: Instead of git config --global, prefer repository-local settings (git config user.name/email in the repo) or set GIT_AUTHOR_NAME/GIT_AUTHOR_EMAIL for single operations so other projects aren't affected. - Workspace persistence: /workspace/.env may be persisted; do not store sensitive tokens there. Only non-sensitive username/email should be written and you should confirm workspace retention policies. - Verify origin and trust: The skill has no homepage and an unknown owner ID; ask for publisher/source and prefer skills with a verifiable homepage or source repo. If you must use it, review and test in a restricted environment and audit any generated remotes or files for embedded credentials. - If possible, request an update to SKILL.md to remove token-in-url examples and to document secure credential usage and cleanup steps.
功能分析
Type: OpenClaw Skill Name: cnb-cool-git Version: 2.0.1 The skill bundle provides standard instructions and API documentation for an AI agent to interact with the CNB (cnb.cool) Git platform. It includes legitimate commands for managing Merge Requests, pipelines, and Git configurations using environment variables for authentication, with no evidence of malicious intent, data exfiltration, or unauthorized execution (SKILL.md).
能力评估
Purpose & Capability
The name/description (CNB git ops) align with the actions described (git clone/push, MR management, pipeline triggers via api.cnb.cool). Required credentials (CNB_COOL_GIT_TOKEN, CNB_COOL_API_TOKEN) and repo/branch/env variables are coherent for this purpose. However, the registry summary at the top reported 'Required env vars: none' while SKILL.md and _meta.json declare required_secrets and required_envs — this metadata inconsistency is unexpected and should be resolved.
Instruction Scope
Instructions tell the agent to: (1) receive secrets via gateway, (2) write non-sensitive username/email to /workspace/.env, (3) run git config --global user.name/email, and (4) clone using an HTTPS URL that embeds the token (git clone https://cnb:${CNB_COOL_GIT_TOKEN}@cnb.cool/...). Embedding tokens in clone URLs risks leaking secrets (remote URL persistence, process args, shell history, logs). Writing .env into /workspace may persist user info and could be accessible to other processes. Changing global git config modifies environment-wide settings. These behaviors are within the skill's stated scope but have privacy/security implications that are not mitigated in the documentation.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, so there is no install-time download or arbitrary code execution risk.
Credentials
The two secrets the skill uses (a Git access token and an API token for CNB) are proportionate to git+API operations. However, the top-level registry metadata claimed 'none' for required envs while _meta.json lists required_secrets and required_envs — this mismatch is concerning. Also, instructions reference numerous CNB pipeline env variables (CNB_*), which are plausible but worth confirming you expect these to be present and that tokens have least privilege (prefer minimal scopes).
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. The only persistent changes suggested are user-local (git global config and writing /workspace/.env); these are not platform-level privileges but can have side effects and should be scoped (repo-local) if possible.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install cnb-cool-git
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /cnb-cool-git 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
- 完善了 CNB 云原生构建平台 Git 操作技能的文档,系统性覆盖了令牌配置、git 用户信息、API 用法和最佳实践 - 增加了详细的示例,包括 MR 管理、Pipeline 触发与读取结果、环境变量等 - 明确区分了不同类型令牌的使用场景与限制 - 进一步强调令牌及凭证安全管理方法 - 面向开发者提供一站式 Git + API 操作流程参考
元数据
Slug cnb-cool-git
版本 2.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Cnb Cool Git 是什么?

CNB 云原生构建平台的 Git 操作技能。使用 git 和 CNB Open API 进行代码克隆、提交、推送、分支管理、Merge Request 管理、流水线触发、流水线结果读取等操作。首次使用需收集用户的 Git 用户名和邮箱信息。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 127 次。

如何安装 Cnb Cool Git?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cnb-cool-git」即可一键安装,无需额外配置。

Cnb Cool Git 是免费的吗?

是的,Cnb Cool Git 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Cnb Cool Git 支持哪些平台?

Cnb Cool Git 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Cnb Cool Git?

由 twksos(@twksos)开发并维护,当前版本 v2.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论