← 返回 Skills 市场

Flatnotes + Tasks.md GitHub Audit

Name: Flatnotes + Tasks.md GitHub Audit
Author: branexp

作者 branexp · GitHub ↗ · v1.0.0

cross-platform ✓ 安全检测通过

1551

总下载

当前安装

版本数

在 OpenClaw 中安装

/install flatnotes-tasksmd-github-audit

功能描述

Thoroughly audit Tasks.md + Flatnotes for drift and accuracy; use GitHub (gh CLI) as source of truth to detect stale notes/cards and missing links. Produces a report and an optional fix plan.

使用说明 (SKILL.md)

Flatnotes + Tasks.md + GitHub Audit

Use this skill when Brandon asks to audit the Flatnotes/Tasks.md system for accuracy and ensure it’s up to date, using GitHub as the source of truth.

Quick start

Run the bundled auditor (report-only):

node skills/flatnotes-tasksmd-github-audit/scripts/audit.mjs --since-days 30 --write

Outputs:

Markdown report: tmp/flatnotes-tasksmd-audit.md
JSON report: tmp/flatnotes-tasksmd-audit.json

If gh is not authenticated, the audit still runs but GitHub checks will be marked as SKIPPED_GITHUB.

Data sources (defaults)

Tasks.md root: /home/ds/.config/appdata/tasksmd/tasks
Flatnotes root: /home/ds/.config/appdata/flatnotes/data
Flatnotes “system notes” mirror in workspace: notes/resources/flatnotes-system/

Override via env vars:

TASKS_ROOT
FLATNOTES_ROOT

Audit goals (what “accurate” means)

A) Board hygiene (Tasks.md)

Global lanes exist: 00 Inbox, 05 Backlog, 10 Next, 20 Doing, 30 Blocked, 40 Waiting, 90 Done.
Lane rule preference: prio-p2 lives in 05 Backlog by default (no prio-p2 in 10 Next).
Doing WIP ≤ 3 (preference).
Cards should be consistently formatted (Outcome/Steps) and tagged (proj/prio/eff/type).
Blocked cards include Unblock:.
Project cards include a Flatnotes pointer (Flatnotes: ...).

B) Project completeness (Flatnotes)

For each active project in SYS Workspace - Project Registry:

Required project notes exist:
- PJT \x3Cslug> - 00 Overview
- PJT \x3Cslug> - 10 Research
- PJT \x3Cslug> - 20 Plan
- PJT \x3Cslug> - 90 Log
Hub note has:
- Current status (1–3 bullets)
- Links section with repo + Tasks filter
- Decisions section linking relevant ADR(s)

C) GitHub truth reconciliation (GitHub = source of truth)

For each project repo in the registry:

Open PRs should have a corresponding Tasks card (Doing/Next/Blocked/Waiting) OR an explicit reason why not.
Recently merged PRs should be reflected somewhere:
- preferably a short note in the project log (PJT \x3Cslug> - 90 Log) + hub status update, or
- a Done card with PR link.
- (Audit treats either as reconciled; it may warn if a merged PR is only on a Done card but missing from the log.)
Done cards should ideally include a PR link when work was shipped via PR.

Workflow (recommended)

Parse registry
- Read SYS Workspace - Project Registry from Flatnotes.
- Extract: slug, status, Tasks tag, GitHub repo URL.
Scan Tasks.md
- Index cards by lane and by proj-* tag.
- Flag lane rule violations (prio-p2 in Next, etc.).
- Flag cards missing Flatnotes pointer.
Scan Flatnotes
- Check required project notes exist.
- Check hub Decisions section links ADR notes.
GitHub cross-check
- Use gh:
  - gh pr list --state open --json ...
  - gh pr list --state merged --search "merged:>=\x3Cdate>" --json ... (or equivalent)
- Try to match PRs ↔ Tasks cards using:
  - PR URL in card content
  - PR number
  - Title substring heuristic
Report
- Output: summary + per-project drift list + fix plan.

Applying fixes (guardrails)

Default is report-only.

If Brandon explicitly asks to apply fixes:

Safe auto-fixes allowed:
- create missing Flatnotes notes (10 Research, etc.) using existing templates
- add missing ADR links to hub Decisions section
- move prio-p2 from Next → Backlog
- add missing Flatnotes pointers to Tasks cards
Anything that renames files or deletes content: ask first.

Bundled code

scripts/audit.mjs — generates the report (Markdown + JSON). If needed, patch it rather than rewriting.

安全使用建议

This skill appears to do what it claims: it reads your Tasks.md and Flatnotes data and uses the local gh CLI to compare PRs. Before installing/running: 1) Verify you are comfortable that the script will read files under the default paths (/home/ds/...) or set TASKS_ROOT/FLATNOTES_ROOT to point to the correct locations. 2) Ensure Node and the gh CLI are available and that you understand gh will use your existing GitHub authentication (the skill does not request tokens itself). 3) Run it in report-only mode first (no auto-fixes) and review tmp/flatnotes-tasksmd-audit.{md,json}. 4) If you allow auto-fixes, back up Flatnotes/Tasks.md first and review which auto-fixes the tool will perform (it claims to only create missing notes, add ADR links, move specific cards, and add missing pointers; it should ask before renames/deletes). 5) If you want to be extra cautious, inspect scripts/audit.mjs yourself or run it in a non-production copy of your data.

功能分析

Type: OpenClaw Skill Name: flatnotes-tasksmd-github-audit Version: 1.0.0 The OpenClaw skill is designed to audit local markdown files (Tasks.md, Flatnotes) against GitHub as a source of truth. All file system operations (reading configuration/data files, writing reports to `tmp/`) and external command executions (`gh` CLI for GitHub PR data) are directly and transparently aligned with its stated purpose. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection intended to subvert the agent's behavior beyond the skill's legitimate function. The `SKILL.md` even includes guardrails for applying fixes, requiring explicit user consent for write operations.

能力评估

ℹ Purpose & Capability

The declared purpose (audit Tasks.md + Flatnotes using GitHub as source of truth) matches what the script does: it reads local Flatnotes and Tasks folders, parses a project registry, and calls the gh CLI to reconcile PRs. Small inconsistency: the registry metadata lists no required binaries, but the runtime expects Node (to run the .mjs) and the gh CLI; SKILL.md mentions gh behavior but the manifest does not declare these as required.

✓ Instruction Scope

Instructions and code are narrowly scoped to auditing: they read files under the configured Tasks.md and Flatnotes roots, parse content, and optionally create limited Flatnotes files when asked. There are no instructions to read unrelated system config, environment secrets, or to send arbitrary data to external endpoints. GitHub access is via the local gh CLI, which will use the user's existing gh authentication if present.

✓ Install Mechanism

No install spec is present (instruction + bundled script only). No downloads or external installers are executed by the skill. The included script is plain JavaScript (no obfuscation) and will run under Node when invoked.

ℹ Credentials

The skill requests no credentials or special env vars in the manifest and only uses two optional env vars (TASKS_ROOT, FLATNOTES_ROOT) to override defaults. It does rely on the user having gh configured for GitHub checks, but it does not demand tokens itself. The main proportionality note is the manifest not declaring 'gh' / 'node' as required binaries.

✓ Persistence & Privilege

The skill does not request persistent presence (always:false). It writes report outputs to a tmp directory and may create new Flatnotes files only when explicitly asked; SKILL.md includes guardrails to ask before destructive actions.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install flatnotes-tasksmd-github-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /flatnotes-tasksmd-github-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug flatnotes-tasksmd-github-audit

版本 1.0.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 1

常见问题