← 返回 Skills 市场
149
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install github-automation
功能描述
Automate common GitHub tasks — create issues, check PR status, list repos, manage projects. Use when the user wants to interact with GitHub programmatically...
使用说明 (SKILL.md)
GitHub Automation
Streamline GitHub workflows from the command line. Create issues, check PRs, manage repos without switching contexts.
Usage
create issue: fix login bug
check my prs
list repos
close issue #123
Features
Issues
- Create issues with title/body/labels
- List open/closed issues
- Close or comment on issues
- Search issues
Pull Requests
- Check PR status and reviews
- List open PRs
- Comment on PRs
- Check merge status
Repositories
- List user/org repos
- Check repo stats
- Get recent commits
- Check branch status
User
- Check notifications
- Get user profile info
- List starred repos
Script
# Create issue
python scripts/gh_tool.py issue create "Title" "Body" --repo owner/repo --labels bug
# List PRs
python scripts/gh_tool.py pr list --repo owner/repo
# Check notifications
python scripts/gh_tool.py notifications
Authentication
Uses GITHUB_TOKEN environment variable. Set it in your env:
export GITHUB_TOKEN=ghp_your_token_here
Token Permissions Needed
repo- Repository accessissues- Issue managementpull_requests- PR accessnotifications- Read notifications
Examples
create issue in myrepo: bug - login fails with 500 error
check prs for pollinations/pollinations.ai
list my repos
close issue #42 in cloudgptapi
Output
- Success/failure confirmation
- Issue/PR numbers and URLs
- Formatted lists with key info
- Direct links to GitHub
安全使用建议
Do not install or run this skill with a high-privilege personal access token until issues are resolved. Specific recommendations:
- Ask the publisher/author to update the registry metadata to declare GITHUB_TOKEN as a required credential and to state minimal needed scopes.
- Request or patch the script to remove the insecure SSL override (delete ctx.check_hostname = False and ctx.verify_mode = ssl.CERT_NONE) so cert validation is enforced.
- Prefer a least-privilege token (or a GitHub App / fine-grained token) scoped only to what you need (e.g., public_repo vs full repo access, issues-only if you only manage issues).
- Review the script yourself or run it in an isolated environment before giving it a real token.
- If you cannot get the TLS issue fixed, do not use this skill with tokens that grant access to sensitive or private repositories.
功能分析
Type: OpenClaw Skill
Name: github-automation
Version: 1.0.0
The skill bundle contains a critical security vulnerability in `scripts/gh_tool.py` where SSL certificate verification is explicitly disabled (`ssl.CERT_NONE` and `check_hostname = False`). This flaw exposes the user's `GITHUB_TOKEN` and repository data to Man-in-the-Middle (MitM) attacks. While the script's functionality aligns with its stated purpose of GitHub automation, the intentional bypass of standard transport security protocols is a high-risk implementation.
能力评估
Purpose & Capability
Name/description, SKILL.md, and the Python tool are coherent: they interact with the GitHub API to manage issues/PRs/repos and require a GitHub token. However the registry metadata declares no required environment variables / primary credential while both SKILL.md and scripts/gh_tool.py explicitly require GITHUB_TOKEN. That metadata mismatch is an incoherence that could hide credential requirements from users or automated installers.
Instruction Scope
SKILL.md instructs using the included script and setting GITHUB_TOKEN (appropriate). The script only accesses GitHub API endpoints and does not read other files or unrelated env vars. However the script creates an SSL context that disables hostname checking and certificate verification (ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE), which weakens transport security and could allow intercepted or redirected API traffic — this is an unexpected and unsafe implementation detail not mentioned in the docs.
Install Mechanism
This is instruction-only with an included Python script and no install spec, so nothing is downloaded or installed automatically. That lowers installation risk; the user runs the contained script directly.
Credentials
Functionality legitimately requires a GitHub token with repository/issues/notifications scopes, which the SKILL.md documents. But the registry metadata failing to declare required env vars/primary credential is an inconsistency. Also requested scopes (repo, issues, pull_requests, notifications) are powerful — users should prefer least-privilege tokens or fine-grained app tokens rather than a broad PAT.
Persistence & Privilege
The skill does not request 'always: true', does not write persistent agent-wide settings, and does not modify other skills. Agent autonomous invocation is allowed (platform default) but not an additional privilege here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install github-automation - 安装完成后,直接呼叫该 Skill 的名称或使用
/github-automation触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - Automate GitHub workflows
元数据
常见问题
GitHub Automation 是什么?
Automate common GitHub tasks — create issues, check PR status, list repos, manage projects. Use when the user wants to interact with GitHub programmatically... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 149 次。
如何安装 GitHub Automation?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-automation」即可一键安装,无需额外配置。
GitHub Automation 是免费的吗?
是的,GitHub Automation 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
GitHub Automation 支持哪些平台?
GitHub Automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 GitHub Automation?
由 CJ Hauser(@cloudcompile)开发并维护,当前版本 v1.0.0。
推荐 Skills