shiiyyo

AutoGitHub

Author: shiiyyo · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
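520 total downloads
0 favorites
2 current installs
1 version
Install in OpenClaw
/install github-manager
Description
Comprehensive GitHub repository management with support for automated code review, deployment, changelog generation, CI/CD configuration, bug tracking, and project management automation.
Usage instructions (SKILL.md)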

GitHub Manager Skill

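A comprehensive GitHub repository management tool that provides code review, automated deployment, changelog generation, CI/CD configuration, bug tracking, and project management automation.

Features

1. Code review

  • Automated PR review and suggestions
  • Code quality checks
  • Security vulnerability scanning
  • Code style consistency checks

2. Automated deployment

  • Automated deployment pipelines
  • Multi-environment deployment (dev/test/production)
  • Rollback mechanism
  • Deployment status monitoring

3. Automatic changelog generation

  • Generates the changelog automatically from commit messages
  • Version number management
  • Release notes generation

4. CI/CD configuration

  • GitHub Actions workflow templates
  • Test automation
  • Build and release processes
  • Environment variable management

5. Bug tracking and fixing

  • Issue template management
  • Bug priority classification
  • Automatic assignment and tracking
  • Fix verification

6. Project management automation

  • Project board management
  • Milestone tracking
  • Automated task assignment
  • Progress report generation

Configuration requirements

Required configuration

  1. GitHub Token: a Personal Access Token with repo permission
  2. GitHub username: your GitHub username

Optional configuration

  1. Default repository: the repository you work with most often
  2. Webhook URL: used to receive GitHub event notifications
  3. Deployment environments: dev/test/production environment configuration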

Usage

Initial configuration

# Set up GitHub authentication
github config --token YOUR_GITHUB_TOKEN --username YOUR_USERNAME

# Set the default repository
github config --default-repo username/repo-name

Common commands

Repository management

# List all repositories
github repos list

# Create a new repository
github repos create --name my-new-repo --description "New repository"

# Clone a repository
github repos clone username/repo-name

# Sync a repository
github repos sync username/repo-name

Code review

# Review a PR
github review pr --number 123

# Automatically review all open PRs
github review all

# Set review rules
github review rules --set "require-tests=true"

Deployment management

# Deploy to the development environment
github deploy dev --branch main

# Deploy to the production environment
github deploy prod --tag v1.0.0

# View deployment status
github deploy status

# Roll back a deployment
github deploy rollback --to v0.9.0

Changelog management

# Generate the changelog
github changelog generate --since v1.0.0

# Publish a new release
github release create --version v1.1.0 --notes "New features added"

# Update the changelog
github changelog update --version v1.1.1 --type "fix"

CI/CD management

# View workflow status
github ci status

# Run a specific workflow
github ci run --workflow test.yml

# View build logs
github ci logs --run-id 123456

Bug management

# List all issues
github issues list

# Create a bug report
github issues create --title "Bug found" --body "Description" --label bug

# Assign an issue
github issues assign --number 45 --assignee username

# Close an issue
github issues close --number 45 --comment "Fixed in PR #123"

Project management

# View project boards
github projects list

# Add a task to a board
github projects add-task --project "Development" --title "Implement feature X"

# Update task status
github projects update --task 123 --status "In Progress"

# Generate a progress report
github projects report --weekly

Automated workflows

Daily checks

# Check for unhandled PRs
github daily-check prs

# Check for failed CI builds
github daily-check ci

# Check for stale issues
github daily-check issues

Release process

# Full release process
github release workflow --version v1.2.0

Configuration file

config.json

{
  "github": {
    "token": "YOUR_GITHUB_TOKEN",
    "username": "YOUR_USERNAME",
    "defaultRepo": "username/repo-name",
    "webhookUrl": "https://your-webhook-url.com",
    "environments": {
      "dev": {
        "branch": "develop",
        "autoDeploy": true
      },
      "prod": {
        "branch": "main",
        "requireReview": true
      }
    }
  }
}

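Security considerations

  1. Token security: do not commit the token to version control
  2. Least privilege: grant only the permissions that are necessary
  3. Regular rotation: update access tokens regularly
  4. Audit logging: log all operations

Troubleshooting

Common problems

  1. Authentication failure: check that the token is valid and has sufficient permissions
  2. API limits: the GitHub API is rate limited; use caching to avoid frequent calls
  3. Network problems: check the network connection and proxy settings

Debug mode

github --debug <command>

Extensions

Custom scripts

Custom scripts can be added under the scripts/ directory to extend functionality.

Plugin system

New features can be added through plugins:

github plugin install <plugin-name>

Updates and maintenance

Check for updates regularly:

github self-update

View version information:

github version

Note: make sure GitHub authentication is configured correctly before use.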

Security usage recommendations
This package contains real executable code (Node.js CLI) and is not just a text-only instruction set — do not install/run blindly. Important points:

  1. The SKILL.md and code require a GitHub Personal Access Token and a GitHub username, but the registry metadata does not declare those credentials — treat that as a metadata/censorship mismatch and require the token only with least privileges (repo scope as necessary).
  2. You must run npm install (Node >=14) to satisfy dependencies before using the CLI; the registry entry doesn't declare this.
  3. The changelog generator uses child_process.execSync with direct string interpolation of tag/argument values — this can lead to shell injection if untrusted inputs are passed by an agent. Avoid feeding untrusted strings to the skill or run it in an isolated environment.
  4. The tool writes .github-manager.json in the current directory (may contain tokens); ensure that file is not committed and run in a safe working directory.
  5. If you plan to use webhook/Slack/Discord/Telegram fields, be aware those are outbound endpoints and will expose deployment/CI notifications.

Recommendations before installing: inspect the full source (you already have it), run npm install in an isolated container or VM, create a GitHub token with minimal required scopes, avoid running automated/self-update/plugin commands until the code provenance is verified, and ask the publisher/registry to correct metadata to declare required env vars and install steps.
Functional analysis
Type: OpenClaw Skill Name: github-manager Version: 1.0.0 The GitHub Manager skill bundle provides legitimate repository management and CI/CD automation features, but it contains a shell injection vulnerability in 'scripts/generate-changelog.js'. The script concatenates the 'sinceTag' variable directly into a shell command string executed via 'execSync' without sanitization, which could allow arbitrary command execution. While no clear evidence of intentional malice or data exfiltration was found, the lack of input validation on shell-executing functions meets the criteria for a suspicious classification.
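The unsanitized interpolation described above, as an added example that is not code from the github-manager package: it contrasts a command line built by string interpolation with an argument array that is passed to execFileSync after the tag is checked against an allowlist. All function names, the allowlist pattern, the git arguments and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; every name here is hypothetical and not taken from
// scripts/generate-changelog.js.

// Vulnerable shape: the tag is pasted into one string that a shell will parse,
// so ';', '$(...)' and similar metacharacters become shell syntax.
function unsafeCommandLine(sinceTag) {
  return `git log ${sinceTag}..HEAD --pretty=format:%s`;
}

// Assumed allowlist: starts with an alphanumeric (so it can never be read as
// an option), then only characters that commonly appear in tag names.
const SAFE_TAG = /^[A-Za-z0-9][A-Za-z0-9._\/-]{0,127}$/;

function assertSafeTag(tag) {
  if (typeof tag !== "string" || !SAFE_TAG.test(tag) || tag.includes("..")) {
    throw new Error(`refusing unsafe tag name: ${JSON.stringify(tag)}`);
  }
  return tag;
}

// Hardened shape: build an argv array; the trailing "--" ends revision parsing.
function gitLogArgs(sinceTag) {
  const range = sinceTag ? `${assertSafeTag(sinceTag)}..HEAD` : "HEAD";
  return ["log", "--pretty=format:%s", range, "--"];
}

// execFileSync starts git directly with that array, so no shell ever parses it.
function readCommitSubjects(sinceTag, cwd = process.cwd()) {
  const { execFileSync } = require("child_process");
  const out = execFileSync("git", gitLogArgs(sinceTag), { cwd, encoding: "utf8" });
  return out.split("\n").filter(Boolean);
}

// Constructed sample values for a --since argument.
const SAMPLES = ["v1.0.0", "release/2025-03", "v1.0.0; echo INJECTED",
                 "$(echo INJECTED)", "--all", "v1..v2"];

function classify(samples) {
  return samples.map((s) => {
    try { gitLogArgs(s); return `${s} => accepted`; }
    catch { return `${s} => rejected`; }
  });
}

console.log(unsafeCommandLine(SAMPLES[2]));
console.log(classify(SAMPLES).join("\n"));
```

readCommitSubjects needs git and a repository in cwd; the other functions are pure and can be exercised anywhere.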
Capability assessment
Purpose & Capability
The SKILL.md and code clearly require a GitHub Personal Access Token and username (and Node.js/npm to run), which are appropriate for a GitHub manager. However the registry metadata claims no required env vars/primary credential and no install requirements, which is inconsistent with the included code (package.json, Octokit usage). The skill is not truly 'instruction-only' given the bundled code and Node dependencies.
Instruction Scope
Runtime instructions and code read/write a local config file (.github-manager.json), call GitHub APIs, run local git commands, and offer 'self-update' / plugin install behavior. The generate-changelog script uses execSync with unsanitized interpolation of a --since / tag parameter (shell command built with user input), which creates a command-injection risk if untrusted input is passed. The SKILL.md's instructions instruct writing tokens to disk (config file) — expected but worth noting.
Install Mechanism
Registry lists no install spec, but the bundle includes package.json and Node dependencies (@octokit/rest, commander, etc.). To run the CLI you must run npm install and possibly npm link; this is not reflected in registry metadata. Absence of an install step could cause users/agents to execute code without proper dependency installation or validation.
Credentials
Requesting a GitHub token and username is proportionate to the stated purpose. The problem is the registry metadata fails to declare these required credentials (metadata: none). Config-template also includes optional webhook/slack/discord/telegram fields — optional and expected, but these would grant outbound notification hooks if populated.
Persistence & Privilege
The skill is not always:true and does not request system-wide privileges. It stores configuration in the current working directory (.github-manager.json) which is appropriate for a CLI. It does not appear to modify other skills or system-wide agent settings.
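How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install github-manager
  3. Once installed, invoke the Skill by name or trigger it with /github-manager
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history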
v1.0.0
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

_No unreleased changes yet._

---

## [1.0.0] - 2025-03-12

### Added

- **Repository management**
  - `repos list`: List all repositories for the authenticated user
  - `repos create`: Create new repository with Node gitignore and MIT license, optional description and private flag
- **Code review**
  - `review pr`: Review pull requests with file change summary (+/- lines)
  - Automatic suggestions: tests for large PRs, documentation updates, large file warnings, config change reminders
  - File type hints (JS/TS, Markdown, JSON)
- **Changelog**
  - `changelog generate`: Generate changelog from commit history
  - Categorization: New Features, Bug Fixes, Breaking Changes, Other
  - Optional `--since` tag to limit range
- **Issue management**
  - `issues list`: List open issues with labels and creation date
  - `issues create`: Create issue with title, body, and labels
  - `issues close`: Close issue by number
- **CI/CD**
  - `ci setup`: Generate `.github/workflows/` with `ci.yml` and `deploy.yml`
  - CI workflow: Node 18.x/20.x matrix, test + lint, build on main
  - Deploy workflow: Trigger on version tags (`v*`), build and deploy placeholder
- **Configuration**
  - `config`: Save GitHub token, username, and optional default repo to `.github-manager.json`
  - Config template: `config-template.json` with environments, review/changelog/CI/issue/project settings
- **Standalone scripts**
  - `scripts/project-manager.js`: Projects v2 API, list/create projects, boards, milestones, weekly reports
  - `scripts/code-review.js`: Standalone PR code review with detailed analysis
  - `scripts/generate-changelog.js`: Local git-based changelog generation with configurable types and template
- **CLI**
  - Global `github` command via `npm link`
  - `--repo owner/repo` and default repo support
  - Inline help when no valid subcommand is given

### Dependencies

- `@octokit/rest` ^20.0.2 — GitHub API
- `commander` ^11.0.0 — CLI parsing
- `chalk` ^4.1.2 — Terminal colors
- `inquirer` ^8.2.6, `ora` ^5.4.1, `figlet` ^1.6.0, `boxen` ^5.1.2 — UX

### Requirements

- Node.js >= 14.0.0
- GitHub Personal Access Token with `repo` scope
Metadata
Slug github-manager
Version 1.0.0
License MIT-0
Total installs 2
Current installs 2
Historical versions 1
FAQ

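What is AutoGitHub?

Comprehensive GitHub repository management with support for automated code review, deployment, changelog generation, CI/CD configuration, bug tracking, and project management automation. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 520 total downloads to date.

How do I install AutoGitHub?

Run the command "/install github-manager" in the OpenClaw or Claude Code chat box for one-click installation, with no additional configuration required.

Is AutoGitHub free?

Yes, AutoGitHub is completely free. It is released under the MIT-0 license and can be downloaded, installed and used freely.

Which platforms does AutoGitHub support?

AutoGitHub runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed AutoGitHub?

It is developed and maintained by shiiyyo (@shiiyyo); the current version is v1.0.0.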
