← 返回 Skills 市场
929
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install gh-extract
功能描述
Extract content from a GitHub url.
使用说明 (SKILL.md)
GitHub Extract
Extract content from a GitHub url.
Use this skill when the user types /gh-extract or asks to extract/download/summarize a GitHub url.
What it does
- Accepts an GitHub url, could be repo/tree/blob.
- Convert the url to github raw url.
- Extract file content from the raw url or save to a temp path.
Requirements
uvwget
Usage
# print file content to stdout
uv run --script ${baseDir}/gh_extract.py \x3Curl>
# save file to a temp path, with a proper filename
uv run --script ${baseDir}/gh_extract.py \x3Curl> --save
Notes
- only works for public repo.
- url can be repo/tree/blob
- for repo/tree, will try to get
README.mdorSKILL.mdorREADME.txt
安全使用建议
This skill appears to do what it says — fetch content from public GitHub URLs — but check these points before installing: (1) SKILL.md and the script call 'wget' though the registry metadata only lists 'uv'; ensure 'wget' is available on the host or adjust expectations. (2) The script declares Python dependencies (furl, requests, loguru, urllib3) but there is no install specification — confirm how your runtime will provide or install them. (3) The tool will download arbitrary user-supplied URLs (via requests/wget) and write them to a temporary directory — only use it with trusted GitHub URLs. (4) No secrets are requested and the code only talks to GitHub/raw.githubusercontent.com, but if you run this in a shared environment be aware it will perform outbound HTTP requests and write files to /tmp. If any of these inconsistencies are unacceptable, ask the author to: add 'wget' to required binaries, document dependency installation in the registry, or provide an explicit install spec so you can review what will be installed.
功能分析
Type: OpenClaw Skill
Name: gh-extract
Version: 0.0.2
The skill is suspicious due to the direct execution of `wget` with a user-provided URL in `gh_extract.py`. The `SKILL.md` instructs the AI agent to pass user input directly as the `<url>` argument to the Python script, which then uses `subprocess.run(['wget', ..., url])`. While `subprocess.run` with a list mitigates direct shell injection, it exposes the `wget` command to potential vulnerabilities if a crafted URL can exploit `wget` itself (e.g., arbitrary file writes or SSRF), representing a lack of robust input sanitization for external command execution.
能力评估
Purpose & Capability
The skill's name/description match the code and instructions: it converts GitHub URLs to raw.githubusercontent.com and fetches/ saves file contents. However there is a minor inconsistency: registry metadata lists only 'uv' as a required binary, while SKILL.md and the code also require 'wget'. The script also lists Python dependencies in its header (furl, requests, loguru, urllib3) but the registry has no install spec — this is plausible if the execution environment (uv) handles them, but it is a mismatch between declared and used requirements.
Instruction Scope
SKILL.md instructs the agent to run the provided script with a single GitHub URL and optionally save to a temp file. The script limits its actions to converting URLs, trying common README/SKILL files for repo/tree URLs, fetching via HTTP, or using wget to save to a temp dir. It does not reference unrelated system files, additional env vars, or external endpoints beyond GitHub/raw.githubusercontent.com. It will download arbitrary user-supplied URLs (expected behavior), so user-provided URLs must be trusted.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. The script header declares Python dependencies (PyPI packages) that will need to be present or installed by the runtime; how those get installed depends on the uv runtime but is not documented here. No remote install URLs or archive extraction are used.
Credentials
The skill requests no environment variables or credentials. It performs network requests to GitHub/raw.githubusercontent.com and spawns wget to save files into a temp directory. No access to other credentials, config paths, or unrelated services is requested.
Persistence & Privilege
always:false and no requests to modify other skills or global agent configuration. The skill creates temporary files when saving downloads, which is normal for this functionality and limited in scope.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gh-extract - 安装完成后,直接呼叫该 Skill 的名称或使用
/gh-extract触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.2
- Renamed main script from `gh-extract.py` to `gh_extract.py`.
- Now prints file content to stdout by default; use `--save` to save the file to a temp path.
- Added requirement for `wget` alongside `uv`.
- Improved handling for repo/tree URLs: automatically extracts `README.md`, `SKILL.md`, or `README.txt` if present.
- Clarified usage and updated documentation to match new script behavior.
v0.0.1
Initial release: Extracts and downloads content from GitHub URLs.
- Supports GitHub repo, tree, and file (blob) URLs.
- Converts standard URLs to their raw content equivalent.
- Downloads the raw file and saves it to a temporary directory.
- Prints the path to the downloaded file.
- Requires the `uv` tool installed on your system.
- Works with public GitHub repositories only.
元数据
常见问题
GitHub Extract 是什么?
Extract content from a GitHub url. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 929 次。
如何安装 GitHub Extract?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gh-extract」即可一键安装,无需额外配置。
GitHub Extract 是免费的吗?
是的,GitHub Extract 完全免费(开源免费),可自由下载、安装和使用。
GitHub Extract 支持哪些平台?
GitHub Extract 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。
谁开发了 GitHub Extract?
由 guoqiao(@guoqiao)开发并维护,当前版本 v0.0.2。
推荐 Skills