← 返回 Skills 市场

GitHub Bug Report

Name: GitHub Bug Report
Author: markma84

作者 MarkMa84 · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-bug-report

功能描述

Submit bug reports to GitHub for OpenClaw issues. Use when: (1)发现了明确的bug并想提交给官方; (2)官方产品出现问题需要报障; (3)想查询现有issue状态; (4)需要跟进已提交issue的进展. Includes issue templat...

使用说明 (SKILL.md)

GitHub Bug Report

向 OpenClaw 官方仓库提交 bug report 的标准化流程。

核心原则

提交前先搜索是否有人已经报过同样的问题，避免重复
格式按官方建议：标题含版本号、步骤编号、预期 vs 实际结果分开
提交后用 cron 建跟进提醒，三天后 bump 一次

Issue 提交标准格式

标题格式：[版本号] Bug简述

内容必须包含：

## Bug Description
（清晰描述问题）

## Steps to Reproduce
1. 第一步
2. 第二步
3. 第三步

## Expected Behavior
（预期应该怎样）

## Actual Behavior
（实际出了什么岔子）

## Environment
- OS / 版本
- OpenClaw 版本
- Node 版本
- Model（如果是模型相关）

## Additional Context
（如有日志、截图、配置 JSON，贴在这里）

快速提交流程

1. 提交新 issue

# 使用 scripts/submit_issue.py
python3 scripts/submit_issue.py --title "[v1.x.x] Bug标题" --body "内容"

2. 提交后立即建 cron 跟进

提交成功后，用 cron 建一个 3 天后的提醒：

{
  "name": "Bug跟进-#\x3Cissue号>",
  "schedule": { "kind": "cron", "expr": "0 10 * * *", "tz": "Asia/Shanghai" },
  "payload": {
    "kind": "agentTurn",
    "message": "检查 GitHub issue #\x3Cissue号> 是否有官方回复，如果没有，去 bump 一下（留言：Any update?）"
  },
  "sessionTarget": "isolated",
  "delivery": { "mode": "announce" }
}

3. 检查是否已有重复 issue

提交前先搜索：

curl -s "https://api.github.com/search/issues?q=checkpoint+orphan+repo:openclaw/openclaw" \
  -H "Authorization: token $GITHUB_TOKEN"

常用 GitHub API

操作	API
查 issue	`GET /repos/openclaw/openclaw/issues/\x3Cnumber>`
搜 issue	`GET /search/issues?q=关键词+repo:openclaw/openclaw`
建 issue	`POST /repos/openclaw/openclaw/issues`
更新 issue	`PATCH /repos/openclaw/openclaw/issues/\x3Cnumber>`
查 repo 信息	`GET /repos/openclaw/openclaw`

GitHub Token

当前 token：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

Header 格式：

Authorization: token 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
Accept: application/vnd.github+json
Content-Type: application/vnd.github+json

相关文件

提交脚本：scripts/submit_issue.py
快速参考：references/quick-ref.md

安全使用建议

Do not install or use this skill as-is. The package contains a plaintext GitHub token that could be valid and would allow API access to the openclaw/openclaw repository. Ask the author to remove the embedded token and change the code to accept a GITHUB_TOKEN (or other secret) provided at runtime; if you've already exposed this token (e.g., pasted it elsewhere), rotate/revoke it in GitHub immediately and check the token's scopes. Also verify you want automated cron-based 'bump' behavior before enabling any follow-up automation to avoid unintended spamming.

功能分析

Type: OpenClaw Skill Name: github-bug-report Version: 1.0.2 The skill bundle contains a hardcoded GitHub Personal Access Token (PAT) `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` within `SKILL.md`, `scripts/submit_issue.py`, and `references/quick-ref.md`. While the script logic is focused on legitimate GitHub Issue management (searching, creating, and updating issues), hardcoding credentials is a severe security vulnerability. Furthermore, `SKILL.md` instructs the agent to establish cron jobs for automated follow-ups; while this aligns with the stated purpose of tracking bug reports, it represents a high-risk persistence mechanism that could be easily repurposed for malicious intent.

能力评估

⚠ Purpose & Capability

The declared purpose (creating/searching/updating GitHub issues for the openclaw/openclaw repo) matches the script and instructions. However, instead of asking for a runtime credential (e.g., GITHUB_TOKEN) or documenting how to supply one, the skill embeds a plaintext token directly in SKILL.md and scripts. Embedding credentials is not necessary to achieve the stated purpose and is an inappropriate design choice.

⚠ Instruction Scope

SKILL.md instructs the agent/user to call the GitHub API and to create cron reminders; those actions are within the stated scope. But the instructions repeatedly include a literal Authorization token value and example curl commands using it, which causes the agent to use that embedded secret. The cron follow-up behavior (automatic bump reminders) could cause automated spamming of issues if misused and should require explicit user consent/configuration.

✓ Install Mechanism

There is no install spec (instruction-only plus a small Python script). Nothing is downloaded from remote URLs or written during install. This lowers supply-chain risk.

⚠ Credentials

The skill declares no required environment variables but contains a hard-coded token (ghp_...) in both SKILL.md and scripts. Proper, proportionate behavior would be to require a single GITHUB_TOKEN environment variable (or document use of a personal access token) and not ship a credential. The embedded token grants repository-scoped API access and is a clear overreach for distributed code/documentation.

ℹ Persistence & Privilege

always:false and autonomous invocation are default and acceptable. The only persistence-related action in the docs is creating cron reminders for follow-up; that is not inherently malicious but creates ongoing automated activity and should be opt-in and limited. The skill does not request system-wide config changes or modify other skills.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-bug-report
安装完成后，直接呼叫该 Skill 的名称或使用 /github-bug-report 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

Simplified: removed public/ layer, skill now at .openclaw/skills/github-bug-report/

v1.0.1

Fixed: move to .openclaw/skills/public/ (shared skills location)

v1.0.0

Initial release: submit bug reports to OpenClaw GitHub with standard format, API scripts, and cron follow-up

元数据

Slug github-bug-report

版本 1.0.2

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 3

常见问题