myd2002

gitea-commit-report-skills

Author: myd2002 · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
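Total downloads: 84
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install gitea-commit-report-skills
Description
Fetches commit records from each Gitea repository, calls an AI to generate a progress report, and sends an HTML email to the repository administrator.
Usage instructions (SKILL.md)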

Gitea Routine Report

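Description

For each visible Gitea repository, generate a separate HTML progress report containing:

  • Overview (reporting period, number of commits, participating members)
  • AI overall assessment (current-status assessment + suggested next steps)
  • Member contribution ranking
  • Each member's work summary, file-type distribution, and detailed commit records
  • List of members with no commits this period (with consecutive days without a commit and last commit date)
  • Risk notes

A separate HTML email is sent for each repository to that repository's administrator.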

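Use cases

  • Triggered when the user says "generate a progress report for me" without giving a repository or time range (default: all visible repositories + last 7 days)
  • When the user says "generate a progress report for a certain repository" and gives owner/repo, single-repository mode is triggered (default: last 7 days)
  • When the user explicitly gives since + until (or equivalent start and end dates), absolute time range mode is triggered (the repository may or may not be specified)
  • When the user says "last N hours / last day / last three days", relative-time parsing is triggered, and the phrase is converted to an absolute time range before execution
  • Triggered when the user needs to push team progress on a fixed schedule (daily/weekly report) or to investigate risks in a particular time range ad hoc

Usage

# Default: all visible repositories + last 7 days
python scripts/generate_report.py

# Specific repository + absolute time range (UTC+8, Beijing time)
python scripts/generate_report.py --repo mayidan/project-test --since 2026-04-01 --until 2026-04-07

# Repository only, no time range: defaults to the last 7 days
python scripts/generate_report.py --repo mayidan/project-test

# All visible repositories + absolute time range (UTC+8, Beijing time)
python scripts/generate_report.py --since 2026-04-01T00:00:00 --until 2026-04-07T23:59:59

# When the user says "last N hours", convert to an absolute time range internally before running
# Example: last 8 hours => until = current time, since = current time - 8 hours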

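Execution flow

Important: the following four steps must be executed strictly in order; no step may be skipped.


Step 1: Run the script to fetch data (mandatory)

Whenever this skill is triggered, first fetch the latest data by choosing one of the following commands according to the user's input; do not use historical data from memory:

  • The user gives an absolute time range (since + until) and explicitly specifies a repository:
python scripts/generate_report.py --repo owner/repo --since 2026-04-01 --until 2026-04-07
  • The user gives an absolute time range (since + until) but no repository:
python scripts/generate_report.py --since 2026-04-01T00:00:00 --until 2026-04-07T23:59:59
  • The user specifies only a repository (no absolute time range):
python scripts/generate_report.py --repo owner/repo
  • The user specifies neither a repository nor an absolute time range (default: last 7 days):
python scripts/generate_report.py

Time parameter rules:

  • Always use an absolute time range: the script parameters are --since and --until.
  • When the user says "last N hours", convert from the current time: until = now, since = now - N hours, then call the script.
  • When no time parameters are provided, the default is the last 7 days (that is, since = now - 168h, until = now).
  • Supported date formats: YYYY-MM-DD and YYYY-MM-DDTHH:MM:SS (interpreted as UTC+8, Beijing time).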

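Step 2: Read the data from the script output

The script output is a JSON array; each element contains:

  • repo: repository name
  • admin_email: email of the repository creator
  • has_commits: whether there are commits in this period
  • time_range: short description of the reporting period
  • time_range_detail: detailed time range of the reporting period
  • generated_at: generation time
  • overview: overview data (total_commits, total_members, total_deletions)
  • members: per-member data (including commit_details, file_type_summary, branches)
  • inactive_members: list of members with no commits this period (including name, last_commit_date, inactive_days)
  • vague_commits: list of vague commits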

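Step 3: For each repository, have the AI generate text-only content (must output JSON only)

In this step the AI is only responsible for generating text content and must not output any HTML.

For every repository in the JSON array whose has_commits is true, generate JSON with the following structure from that repository's data:

{
  "ai_overview": "Based on the commit content and member activity, assess in 2-3 sentences the project's overall progress this period and which work was mainly advanced",
  "ai_suggestion": "Based on the current state and risks, give the project lead 1-2 specific, actionable suggestions to help move the follow-up work forward",
  "member_summaries": {
    "member_name_1": "One-sentence work summary distilled from all of this member's commit messages",
    "member_name_2": "One-sentence work summary distilled from all of this member's commit messages"
  },
  "risk_notes": "Risk notes; separate multiple risks with newlines, each starting with ⚠️ or ℹ️; use an empty string if there are no risks"
}

Output requirements (strictly enforced):

  • Output only the JSON above; do not add any explanatory text, code-block markers (```) or HTML before or after the JSON
  • The keys in member_summaries must exactly match the member usernames in the data
  • risk_notes example (multiple lines):
    ⚠️ ZhangYiwen has not committed for 6 consecutive days; last commit date: 2026-04-04
    ⚠️ Found 1 vague commit; recommend standardizing commit messages
    
  • If there are no risks this period, set risk_notes to the empty string ""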

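Step 4: Call the script to assemble the data + AI text content into HTML, and send the email

❌ The AI must not write the HTML body directly; all HTML must be generated by the script.

Run the following for each repository separately:

Case 1: has_commits is false (no commits this period)

Run the following command to generate the HTML:
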
python -c "
import json, sys, os
sys.path.insert(0, 'scripts')
from render_email import render
data = json.loads(open('/tmp/report_data.json').read())
# Find the matching repository
repo_data = next(d for d in data if d['repo'] == 'REPO_NAME')
html = render(repo_data)
open('/tmp/email_body.html', 'w').write(html)
print('HTML 已生成,长度:', len(html))
"

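Then call the imap-smtp-email skill to send the email:

  • Recipient: admin_email (unless the user specified a different recipient)
  • Subject: 【项目进度报告】{repo} · {time_range} (the literal prefix means "Project Progress Report"; time_range is taken from the time_range field in the data, e.g. "过去 7 天", "past 7 days")
  • Format: HTML
  • Body: the contents of /tmp/email_body.html

Case 2: has_commits is true (commits exist this period)

First save the AI JSON output from step 3 to /tmp/ai_content_{repo_safe}.json (repo_safe is the repository name with / replaced by _), then run:
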
python -c "
import json, sys, os
sys.path.insert(0, 'scripts')
from render_email import render
data = json.loads(open('/tmp/report_data.json').read())
ai_content = json.loads(open('/tmp/ai_content_REPO_SAFE.json').read())
repo_data = next(d for d in data if d['repo'] == 'REPO_NAME')
html = render(repo_data, ai_content)
open('/tmp/email_body.html', 'w').write(html)
print('HTML 已生成,长度:', len(html))
"

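Then call the imap-smtp-email skill to send the email:

  • Recipient: admin_email by default; if the user specified a recipient, use that instead
  • Subject: 【项目进度报告】{repo} · {time_range} (time_range is taken from the time_range field in the data)
  • Format: HTML
  • Body: the contents of /tmp/email_body.html

Dependent skills

  • imap-smtp-email: sends the email; make sure this skill is installed and its SMTP settings are configured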
Security recommendations
Before installing or running:
  • Verify environment variables: create and inspect ~/.config/gitea-routine-report/.env yourself and set GITEA_URL and GITEA_TOKEN to your trusted values. Do not rely on defaults.
  • Inspect render_email.py: it contains a fallback GITEA_URL = http://43.156.243.152:3000. If your GITEA_URL is missing or misconfigured, outgoing emails will include links to that IP. Remove or change that fallback to avoid leaking repository links to an external host.
  • Be cautious with main.js: it invokes the Python script via shell and its escaping is incomplete. Avoid passing untrusted user-controlled repo or time strings to the skill, and consider patching command building to use exec with argument arrays or stronger escaping to prevent shell injection.
  • Review and run setup.sh in an isolated environment (or read it thoroughly) before installing dependencies; it creates a virtualenv and will install Python packages.
  • Confirm the imap-smtp-email skill you will use to send messages is trusted and correctly configured (SMTP creds are not requested by this skill but will be needed by the email skill).
  • If you are not comfortable auditing or modifying the code (removing the hardcoded IP fallback and improving shell-safety), do not install or run this skill on production systems.
Functional analysis
Type: OpenClaw Skill Name: gitea-commit-report-skills Version: 1.2.0 The skill bundle automates Gitea commit reporting but introduces a significant Remote Code Execution (RCE) vulnerability through its instructions. In `skill.md`, the AI agent is directed to construct and execute Python one-liners (`python -c`) that incorporate repository names into string literals (e.g., `d['repo'] == 'REPO_NAME'`). If a Gitea repository is maliciously named to include Python escape sequences (e.g., `name'); import os; os.system('...`), it could lead to arbitrary code execution on the host. While `main.js` includes a basic shell escaping function, it does not account for this secondary injection vector within the AI-generated Python code. The presence of a hardcoded IP (`43.156.243.152`) in `scripts/render_email.py` as a default URL is also noteworthy, though it appears to be a development artifact rather than an exfiltration endpoint.
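One way to run the step 4 render without splicing the repository name into `python -c` source, as an added example (not the skill's own code): the name arrives as an argument and is only ever compared as data. The `REPO_RE` pattern, the helper names and the script name `render_step.py` are assumptions; `render` is the function SKILL.md imports from `scripts/render_email.py`.

```python
import json
import re
import sys
from pathlib import Path

# Assumed conservative owner/repo pattern (not Gitea's own validation rules).
REPO_RE = re.compile(r"[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+")


def repo_safe(repo: str) -> str:
    """Validate owner/repo, then build the '/' -> '_' form used in file names."""
    if not REPO_RE.fullmatch(repo) or ".." in repo:
        raise ValueError(f"rejected repository name: {repo!r}")
    return repo.replace("/", "_")


def select_repo(report: list, repo: str) -> dict:
    """Find the entry by value comparison; the name never becomes source code."""
    for entry in report:
        if entry.get("repo") == repo:
            return entry
    raise LookupError(f"no report entry for {repo!r}")


def load_inputs(repo: str, tmp_dir: str = "/tmp"):
    """Return (repo_data, ai_content); ai_content is None when has_commits is false."""
    safe = repo_safe(repo)
    report = json.loads(Path(tmp_dir, "report_data.json").read_text(encoding="utf-8"))
    entry = select_repo(report, repo)
    ai = None
    if entry.get("has_commits"):
        ai_path = Path(tmp_dir, f"ai_content_{safe}.json")
        ai = json.loads(ai_path.read_text(encoding="utf-8"))
    return entry, ai


# Hypothetical usage: python render_step.py owner/repo
if __name__ == "__main__" and len(sys.argv) == 2:
    repo_data, ai_content = load_inputs(sys.argv[1])
    sys.path.insert(0, "scripts")
    from render_email import render  # the renderer SKILL.md imports

    html = render(repo_data, ai_content) if ai_content is not None else render(repo_data)
    Path("/tmp/email_body.html").write_text(html, encoding="utf-8")
    print("HTML generated, length:", len(html))
```

Because the repository name is validated before it is used in a file name, it also cannot redirect the `/tmp/ai_content_{repo_safe}.json` read to another path.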
Capability tags
requires-oauth-token
Capability assessment
Purpose & Capability
SKILL.md and the Python scripts consistently require GITEA_URL and GITEA_TOKEN (and the code uses them to call the Gitea API), which is appropriate for the stated purpose. However, the registry metadata at the top-level claimed no required environment variables while SKILL.md declares GITEA_URL and GITEA_TOKEN and a ~/.config/.env path—this metadata mismatch is unexpected and should be resolved.
Instruction Scope
The runtime instructions narrowly limit the AI's role (AI must output JSON-only and must not generate HTML), and the code implements that flow. Concerns: (1) render_email.py contains a hardcoded fallback GITEA_URL pointing to IP 43.156.243.152 which will be used if the environment variable is missing, causing links in outgoing emails to point to that host; (2) main.js builds a shell command and uses a lightweight escape that does not guard against all shell metacharacters (e.g., semicolons, ampersands), which could enable command injection if repo or time inputs are attacker-controlled; (3) SKILL.md instructs to call an external imap-smtp-email skill for sending mail — ensure that skill is trusted and configured properly. The scripts do request and send owner emails (get_admin_emails), which is necessary to deliver reports but means address data will be read and used for outbound email.
Install Mechanism
There is no automated install spec in the registry (no package download), but the bundle includes setup.sh and Python requirements. That means nothing will be installed automatically by the platform, but the supplied setup.sh will create a virtualenv and install dependencies if run manually. This is lower risk than a remote download/install, but you should manually inspect and run setup.sh in a safe environment.
Credentials
The skill legitimately needs GITEA_URL and GITEA_TOKEN, and SKILL.md declares them (GITEA_TOKEN as primary credential). However: (1) the registry-level metadata claims no required env vars while the included SKILL.md and scripts require them—this inconsistency is suspicious; (2) render_email.py includes a hardcoded fallback GITEA_URL (http://43.156.243.152:3000) that is unrelated to the user's Gitea instance and could cause generated emails to link to that host if the environment is misconfigured; (3) the scripts read ~/.config/gitea-routine-report/.env automatically, so ensure you control that file and it does not contain unintended credentials.
Persistence & Privilege
The skill does not request always:true and does not claim persistent or elevated platform privileges. It does not modify other skills or system-wide settings. Its runtime behavior is limited to calling local scripts and requiring an external SMTP-sending skill for delivery.
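How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gitea-commit-report-skills
  3. Once installed, call the skill by name or trigger it with /gitea-commit-report-skills
  4. Provide the required input according to the skill's parameter description to get structured output
Version history
v1.2.0
  • AI-generated project progress report content is now integrated into the email automatically, with a richer report structure and risk notes.
  • Clarified that reports support several trigger modes, including default trigger, a specified repository, and a specified absolute or relative time range.
  • Refined the execution flow and parameter rules: steps are strictly sequential, the AI outputs text-only JSON, and the script handles HTML assembly and email sending.
  • Report content significantly expanded: member contribution ranking, detailed work summaries, statistics on members with no commits, vague commits and risk notes.
  • The documentation adds detailed usage examples, parameter parsing rules and dependency notes.
Metadata
Slug: gitea-commit-report-skills
Version: 1.2.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1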
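FAQ

What is gitea-commit-report-skills?

It fetches commit records from each Gitea repository, calls an AI to generate a progress report, and sends an HTML email to the repository administrator. It is an AI Agent Skill plugin for Claude Code / OpenClaw and has been downloaded 84 times to date.

How do I install gitea-commit-report-skills?

Run the command "/install gitea-commit-report-skills" in the OpenClaw or Claude Code chat box for one-step installation; no extra configuration is required.

Is gitea-commit-report-skills free?

Yes, gitea-commit-report-skills is completely free, uses the MIT-0 license, and can be freely downloaded, installed and used.

Which platforms does gitea-commit-report-skills support?

gitea-commit-report-skills is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed gitea-commit-report-skills?

It is developed and maintained by myd2002 (@myd2002); the current version is v1.2.0.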
