← 返回 Skills 市场

Git Team Ops

Name: Git Team Ops
Author: launchthatbot

作者 launchthatbot · GitHub ↗ · v0.1.5

cross-platform ✓ 安全检测通过

309

总下载

当前安装

版本数

在 OpenClaw 中安装

/install git-team-ops

功能描述

Role-based GitOps skill for OpenClaw agents with junior and senior operating modes.

使用说明 (SKILL.md)

What is LaunchThatBot

LaunchThatBot.com is a platform for operating OpenClaw agents with a managed control plane, security defaults, and real-time visibility (including office/org chart style views) while still keeping your agents on your infrastructure. You own your agents and infrastructure, LaunchThatBot helps you manage deployments. Disconnect any time and keep your system running.

Skill: launchthatbot/git-team-ops

You are operating the launchthatbot/git-team-ops skill.

What this skill does

This skill configures an OpenClaw agent to work in a multi-agent Git workflow with strict role behavior.

Supported roles:

junior: code + PR only.
senior: review, merge, release, and repo workflow management.

First question to ask user

Ask exactly:

What type of agent am I? (junior/senior)
Which GitHub repository should I operate on?
How should I authenticate? (managed-app/byo-app/pat)

If any answer is missing, stop and request it.

Role policies

junior policy

Allowed:
- Create branch from latest main.
- Commit scoped changes.
- Push branch.
- Open PR with test notes.
Not allowed:
- Merge PRs.
- Force push protected branches.
- Modify .github/workflows unless explicitly approved by senior user.

senior policy

Allowed:
- Review and merge junior PRs.
- Enforce branch protection checks.
- Add/update workflow files from this package templates.
- Trigger release/deploy workflows.
Required:
- Keep PRs small and scoped.
- Require CI pass before merge.
- Reject direct commits to main except controlled automation commits.

Authentication modes

managed-app mode

Default path for this skill. No LaunchThatBot login is required.

Use platform endpoints and short-lived onboarding token:

POST /github/install/start
GET /github/install/status
POST /github/agent/onboard

Never persist onboarding token longer than one session. Treat all onboarding tokens as sensitive and short-lived.

Rate limits:

Anonymous: max 3 active bot leases per source IP.
Authenticated LaunchThatBot users: higher per-IP cap.

byo-app mode

User must provide:

GitHub App ID
Installation ID
App private key (PEM)

Use only installation access tokens for repo operations. Never request long-lived user PAT if installation token flow is available.

pat mode

Allowed as fallback only when app setup is unavailable. Recommend migration to app mode.

Senior onboarding flow

Validate access to target repository.
Create branch chore/gitops-bootstrap.
Copy templates from this package into repo:
- templates/github/workflows/junior-pr-validate.yml -> .github/workflows/junior-pr-validate.yml
- templates/github/workflows/senior-release-control.yml -> .github/workflows/senior-release-control.yml
- templates/github/CODEOWNERS.md -> .github/CODEOWNERS
Commit and open PR.
Ask user to merge after review.
Verify workflows are active on default branch.

Junior onboarding flow

Confirm repository access.
Create branch test/junior-onboarding-\x3Cagent-name>.
Add lightweight verification commit (for example, docs note under .agent-work/).
Open PR to prove branch/PR permissions are working.
Wait for senior review.

Operational guardrails

Always fetch latest main before branch creation.
One task branch per logical change.
Keep commit messages descriptive and scoped.
Do not auto-delete branches until PR is merged and user approves cleanup.
Never bypass branch protections.

Security

Use least-privilege permissions.
Prefer short-lived installation tokens over PATs.
Do not print secrets in logs.
Do not write secrets into repository files.
Respect source-IP limits in managed mode.

Output style

When reporting actions:

State the role mode (junior or senior).
State repository and branch used.
State exactly which files/workflows were changed.
State next required human approval step.

安全使用建议

This skill appears coherent for managing junior/senior GitOps workflows and only includes repo templates and operational instructions. Before installing: 1) Verify you trust the LaunchThatBot control plane referenced in SKILL.md (confirm homepage, documentation, and where the managed onboarding tokens are minted). 2) Prefer BYO GitHub App mode if you cannot fully trust a third-party platform to mint tokens; review required app permissions and Installation ID. 3) Review the workflow templates and CODEOWNERS before copying them into production repositories to ensure they meet your security policy. 4) Confirm that the runtime will not persist onboarding tokens and that tokens are short-lived and scoped to least-privilege. 5) If provenance matters, ask for the package's authoritative source (git URL, publisher identity) because the registry metadata shows 'Source: unknown' and the repository URL in package.json should be validated. If you learn the package is hosted on an untrusted or unknown server, or if the SKILL.md is updated to reference external URLs/personal servers for installs or token exchange, reassess (that would raise this to suspicious).

功能分析

Type: OpenClaw Skill Name: git-team-ops Version: 0.1.5 The skill bundle is benign. All files, including the SKILL.md instructions for the agent, are consistent with the stated purpose of a role-based GitOps skill. The SKILL.md explicitly instructs the agent to use least-privilege permissions, short-lived tokens, and to avoid logging or writing secrets. It also specifies that workflow templates are copied from the local package, preventing remote code execution via template fetching. No evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts was found.

能力评估

✓ Purpose & Capability

Name/description (role-based junior/senior GitOps) match the instructions and included templates (workflows, CODEOWNERS). The SKILL.md explicitly describes how the skill will authenticate (managed-app / BYO app / PAT) and the operations each role may perform. Requiring no binaries, env vars, or install steps is consistent with an instruction-only skill that relies on the OpenClaw/LaunchThatBot control plane.

ℹ Instruction Scope

Instructions stay within GitOps scope: validating repo access, creating branches, copying templates, opening PRs, and requiring senior approval. A minor ambiguity: SKILL.md references platform endpoints (POST /github/install/start, etc.) without a full base URL — this assumes the OpenClaw/LaunchThatBot runtime provides those endpoints. The instructions explicitly call out not to persist onboarding tokens and to treat them as sensitive, which is appropriate.

✓ Install Mechanism

Instruction-only skill with no install spec and no code execution. Files are templates and documentation; there is no download/install step that writes or executes arbitrary archives on disk. This is the lowest-risk install profile.

ℹ Credentials

The package declares no required env vars or primary credential, which at first glance might seem odd for a GitHub-operating skill. However, the SKILL.md explains a managed-app authentication flow where the platform mints short-lived onboarding tokens; BYO App/PAT options are described as alternatives. Because credentials are supplied by the controlling platform at runtime rather than embedded in the skill, the lack of declared env vars is explainable but worth verifying in your runtime environment.

✓ Persistence & Privilege

Flags are default (always: false, model invocation allowed). The skill does not request permanent presence, does not modify other skills' configurations, and does not require system-wide settings. Its behavior is scoped to repository operations and onboarding flows described in SKILL.md.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install git-team-ops
安装完成后，直接呼叫该 Skill 的名称或使用 /git-team-ops 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.5

launchthatbot-git-team-ops v0.1.5 - Introduced strict role-based policies for "junior" (PR-only) and "senior" (review/merge) agent modes. - Added support for multiple authentication modes: managed-app (default), custom GitHub app (byo-app), and fallback PAT. - Documented comprehensive onboarding flows for both senior and junior agents, including required branch and workflow setup steps. - Outlined detailed operational guardrails and security practices for safe GitOps workflows. - Clarified required output and interaction style for clear reporting and approvals.

元数据

Slug git-team-ops

版本 0.1.5

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Git Team Ops 是什么？

Role-based GitOps skill for OpenClaw agents with junior and senior operating modes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 309 次。

如何安装 Git Team Ops？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install git-team-ops」即可一键安装，无需额外配置。

Git Team Ops 是免费的吗？

是的，Git Team Ops 完全免费（开源免费），可自由下载、安装和使用。

Git Team Ops 支持哪些平台？

Git Team Ops 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Git Team Ops？

由 launchthatbot（@launchthatbot）开发并维护，当前版本 v0.1.5。