功能描述

Automatically interprets GitHub repositories to generate structured reports with project stats, core features, architecture highlights, and quick links.

使用说明 (SKILL.md)

GitHub Reader Skill v3.1

Name: Github Reader
Author: krislu1221

深度解读 GitHub 项目 / Deeply Analyze GitHub Projects

📖 自动解读 GitHub 项目，生成结构化分析报告
📖 Automatically analyze GitHub projects and generate structured analysis reports

🚀 安装 / Installation

cd github-reader/
./install_v3_secure.sh

然后重启你的 Agent gateway / Then restart your Agent gateway:

# OpenClaw / 其他兼容平台 / Other compatible platforms
openclaw gateway restart
# 或 / or
\x3Cyour-platform> gateway restart

💡 用法 / Usage

命令方式 / Command Mode

/github-read microsoft/BitNet

自然语言 / Natural Language

帮我解读这个仓库：https://github.com/HKUDS/nanobot
Help me analyze this repo: https://github.com/HKUDS/nanobot

简短格式 / Short Format

分析 HKUDS/nanobot
Analyze HKUDS/nanobot

📊 输出示例 / Output Example

好的！已经抓取到相关项目的详细信息，让我来为您解读：
Great! I've captured detailed information about the project, let me analyze it for you:

# 📦 microsoft/BitNet 深度解读报告
# microsoft/BitNet In-depth Analysis Report

> **分析时间 / Analysis Time**: 2026-03-13 01:27  
> **数据来源 / Data Sources**: Zread 深度解读 + 技术社区 + 互联网信息，仅供参考  
> **Data Sources**: Zread in-depth analysis + Tech community + Internet information, for reference only

---

## 💡 一句话介绍 / One-Sentence Introduction
BitNet.cpp 是微软官方推出的 1 比特量化大语言模型推理框架...  
BitNet.cpp is Microsoft's official 1-bit quantized LLM inference framework...

## 📊 项目卡片 / Project Cards
| 指标 / Metric | 值 / Value |
|------|-----|
| ⭐ Stars | 12.5k |
| 🍴 Forks | 2.1k |
| 📝 Issues | 156 |
| 🐍 语言 / Language | Python |
| 📄 许可证 / License | MIT License |

## 🔗 快速链接 / Quick Links
| 平台 / Platform | 链接 / Link | 说明 / Description |
|------|------|------|
| **GitHub** | https://github.com/microsoft/BitNet | 源代码仓库 / Source code repository |
| **Zread** | https://zread.ai/microsoft/BitNet | 📖 深度解读（推荐）/ In-depth analysis (Recommended) |
| **GitView** | `http://localhost:8080/?repo=microsoft/BitNet` | 🚀 快速概览（可选）/ Quick overview (Optional) |

> **注意 / Note**: 
> - Zread 是第三方深度代码解读服务（可选）/ Zread is a third-party code analysis service (optional)
> - GitView 需要本地运行（可选）/ GitView requires local setup (optional)
> - GitHub 是必需的代码源 / GitHub is the required code source

🛡️ 安全特性 / Security Features (v3.0)

P0 级别（高危修复）/ P0 Level (Critical Fixes)

✅ 输入验证 / Input Validation - 防止 URL 注入 / Prevents URL injection
✅ 安全 URL 拼接 / Safe URL Joining - 防止 SSRF / Prevents SSRF attacks
✅ 缓存数据验证 / Cache Data Validation - 防止投毒 / Prevents poisoning
✅ 路径安全检查 / Path Security Check - 防止遍历 / Prevents traversal

P1 级别（中危修复）/ P1 Level (Medium Fixes)

✅ 浏览器并发限制 / Browser Concurrency Limit
✅ API 频率限制 / API Rate Limiting
✅ 超时控制 / Timeout Control

⚙️ 配置 / Configuration

环境变量 / Environment Variables

# 缓存配置 / Cache Configuration
export GITVIEW_CACHE_DIR="/tmp/gitview_cache"  # 缓存目录 / Cache directory
export GITVIEW_CACHE_TTL="24"                   # 缓存时间（小时）/ Cache TTL (hours)
export GITVIEW_CACHE_MAX_SIZE="1"               # 最大缓存文件（MB）/ Max cache file (MB)

# 性能配置 / Performance Configuration
export GITVIEW_MAX_BROWSER="3"                  # 最大并发浏览器 / Max concurrent browsers
export GITVIEW_GITHUB_DELAY="1.0"               # API 调用间隔（秒）/ API call delay (seconds)

# 超时配置 / Timeout Configuration
export GITVIEW_BROWSER_TIMEOUT="30"             # 浏览器超时（秒）/ Browser timeout (seconds)
export GITVIEW_GITHUB_TIMEOUT="10"              # GitHub API 超时（秒）/ GitHub API timeout (seconds)

📈 性能指标 / Performance Metrics

场景 / Scenario	耗时 / Time	备注 / Notes
首次分析 / First analysis	10-15 秒 / seconds	抓取 + 分析 / Fetch + Analyze
缓存命中 / Cache hit	\x3C 1 秒 / second	直接返回 / Direct return
缓存过期 / Cache expiry	12-24 小时 / hours	可配置 / Configurable

📁 文件结构 / File Structure

github-reader/
├── github_reader_v3_secure.py       # v3.0 主代码 / v3.0 Secure main code
├── __init__.py                      # Skill 注册 / Skill registration
├── clawhub.json                     # ClawHub 元数据 / ClawHub metadata
├── SECURITY.md                      # 安全指南 / Security guide
├── RELEASE_NOTES.md                 # 发布说明 / Release notes
├── README_BILINGUAL.md              # 简洁中英对照 / Concise bilingual README
├── README_EN_CN.md                  # 详细中英对照 / Detailed bilingual README
├── PACKAGE.md                       # 打包说明 / Package guide
└── install_v3_secure.sh             # 安装脚本 / Installation script

🔧 技术栈 / Tech Stack

语言 / Language: Python 3.9+
依赖 / Dependencies: OpenClaw compatible platform
工具 / Tools: web_fetch, browser
缓存 / Cache: 文件系统缓存（JSON 格式）/ File system cache (JSON format)
并发 / Concurrency: asyncio 异步编程 / asyncio async programming

📞 支持 / Support

GitHub Issues: https://github.com/your-repo/github-reader-skill/issues
讨论区 / Discussions: https://github.com/your-repo/github-reader-skill/discussions
文档 / Documentation: See README_EN_CN.md for full documentation

📄 许可证 / License

MIT License

👨💻 作者 / Author

Krislu + 🦐 虾软

版本 / Version: v3.1（安全加固版 / Security Hardened）
最后更新 / Last Updated: 2026-03-13

安全使用建议

What to consider before installing: 1) Prompt-injection artifact: SKILL.md contains unicode control characters (scanner flagged 'unicode-control-chars'). Open the SKILL.md in a hex-capable editor or use a script (e.g., grep -nP '\p{C}' or hexdump) to confirm and remove any invisible characters. Treat that as a red flag until explained by the author. 2) Source trust: The package lists a GitHub repository URL placeholder and the skill's source/homepage is 'unknown' in the registry metadata. Prefer installing only from a verifiable source (official repo or known author). Verify the repository and author (Krislu / '虾软') before trusting the package. 3) Network behavior: The skill will call api.github.com and optionally zread.ai, and may use a headless browser to render pages (the 'browser' tool). If you run this skill, consider restricting its network access (or run in a sandbox) if you don't want it contacting third‑party services. The localhost GitView URL is expected but monitor to ensure no unexpected internal network access occurs. 4) Run in a safe environment first: Install and test in an isolated environment (VM or container) and monitor network traffic (tcpdump) and file writes (/tmp/gitview_cache). The installer only copies packaged files, but you should still inspect the Python files (especially github_reader_v3_secure.py) for any obfuscated or hidden code before enabling it in production. 5) Credentials: This skill does not require credentials now. Do not supply a GITHUB_TOKEN or other secrets unless you understand and accept the risk. The docs mention adding GITHUB_TOKEN to support private repos in a future release—only provide it if you trust the package and host. 6) If you need to move forward: (a) inspect SKILL.md and python source for hidden characters or obfuscation, (b) verify the package repository and recent commits, (c) run static analysis / lint and run the skill with restricted network and filesystem permissions, (d) confirm the security claims in SECURITY_AUDIT.md by running the test cases locally. If the unicode-control characters are explained (benign encoding artifact) and the package origin is verified, this assessment would likely move to 'benign'.

功能分析

Type: OpenClaw Skill Name: github-reader Version: 3.1.3 The GitHub Reader Skill is a well-structured tool designed to analyze GitHub repositories using the GitHub API and the Zread.ai service. The codebase (specifically github_reader_v3_secure.py) demonstrates high security awareness, implementing robust input validation via regex, SSRF protection through URL encoding, and path traversal prevention for its local caching system (/tmp/gitview_cache). It includes concurrency limits, rate limiting, and timeout controls to ensure resource stability, and the documentation (SECURITY_AUDIT.md) transparently addresses potential security flags like the use of a local GitView service on localhost:8080.

能力评估

✓ Purpose & Capability

The files and runtime instructions align with the described purpose: the code fetches GitHub API data, optionally scrapes third-party analysis (zread.ai), renders pages via a browser tool, and caches results. No unrelated credentials or exotic binaries are requested. One minor note: registry metadata indicated 'instruction-only' (no install spec) while the package actually includes code and an install script—this is plausible but should be noticed.

⚠ Instruction Scope

SKILL.md tells users to run the packaged install script and restart the agent gateway (expected). However a pre-scan found 'unicode-control-chars' in SKILL.md (prompt-injection pattern). The docs include references to local endpoints (http://localhost:8080 for GitView) and third-party zread.ai—these are expected for functionality, but the presence of unicode control characters in the skill documentation is suspicious because such characters can be used to hide or alter prompts and may attempt to manipulate model parsing. Also SECURITY_AUDIT.md and PACKAGE.md include diagnostic commands that reference local paths, but they do not directly instruct the skill to read arbitrary unrelated user files.

✓ Install Mechanism

Install is via a packaged shell script (install_v3_secure.sh) that copies the included files into a user skill directory and creates /tmp/gitview_cache. There are no external downloads, no use of URL shorteners or untrusted hosts in the installer, and files are local to the package—this is lower risk than remote installs. The install script does set permissions and creates directories in the user's home and /tmp, which is expected for a skill that caches data.

✓ Credentials

No required secrets or primary credential are declared. Environment variables referenced are all configuration flags for caching, timeouts, and concurrency (GITVIEW_*) which are proportionate to the functionality. Documentation mentions optional future support for a GITHUB_TOKEN for private repos, but that is not required now.

✓ Persistence & Privilege

The skill is not marked always:true and is user-invocable only (normal). The installer copies files into the user's skill directory and creates a cache directory; it does not request or attempt to modify other skills or global system settings. Autonomous invocation is allowed by default but not an additional privilege in this package.

版本历史

v3.1.3

- Added SECURITY_AUDIT.md to enhance documentation of security practices. - Updated ClawHub metadata (clawhub.json). - No changes to core features or user-facing functionality.

v3.1.2

- Fixed output: GitView quick link now rendered as a code block (backticks) for clarity in documentation and output. - Minor documentation update in SKILL.md for improved consistency.

v3.1.1

github-reader v3.1.1 - Updated internal metadata and configuration files (__init__.py, _meta.json, clawhub.json). - No changes to core functionality, security features, or user experience. - Documentation, usage, and output examples remain unchanged.

v3.0.7

No user-facing changes detected in this release. - No modifications to any files. - Documentation, features, and usage remain unchanged.

v3.0.6

No user-visible changes in this version. - No file changes detected compared to the previous version. - Documentation, usage, features, and configuration remain the same.

v3.0.5

- Added new documentation and metadata files: PACKAGE.md, README.md, README_EN_CN.md, RELEASE_NOTES.md, _meta.json, and install_v3_secure.sh. - Expanded and improved skill documentation for installation, usage, security features, and configuration. - No changes to core functionality—this update is focused on documentation and packaging improvements.

v3.0.4

- Removed redundant documentation and installation files, including PACKAGE.md, README.md, README_EN_CN.md, RELEASE_NOTES.md, _meta.json, and install_v3_secure.sh. - Updated metadata file clawhub.json. - No changes to main feature set or usage. - Documentation now streamlined; some detailed guides and package notes were removed.

v3.0.3

- Added new metadata file: _meta.json. - No changes to functionality or documentation.

v3.0.2

- Clarified in the output example that Zread and GitView are optional and GitView requires local setup. - Added a note explaining the role of each quick link (GitHub is required; Zread and GitView optional). - Minor wording adjustments in the sample output and quick links description for improved clarity. - No code or functional changes; documentation only.

v3.0.1

**v3.0.1 changelog:** - Documentation updated with detailed bilingual (Chinese & English) usage instructions and output examples. - Significant expansion of content covering installation steps, configuration via environment variables, and performance metrics. - Added comprehensive section on security features (input validation, SSRF prevention, rate/timeout limits). - File structure details and technical stack information now included. - Support and contact information provided with links to issues/discussions. - No underlying file or code changes; update is focused on documentation improvements.

v3.0.0

GitHub Reader Skill 3.0.0 introduces comprehensive structured GitHub project reports and enhanced automation. - 自动识别任何 GitHub URL 并生成结构化报告 - 输出包括项目概览、核心价值、主要功能、架构亮点、快速开始指南和建议阅读顺序 - 新增集成 Zread 深度解读和 GitView 快速概览链接 - 支持自然语言和命令两种触发方式 - 项目属性采用格式化显示，包含相对时间 - 配置选项支持自动 URL 检测

元数据

Slug github-reader

版本 3.1.3

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 11

常见问题

Github Reader 是什么？

Automatically interprets GitHub repositories to generate structured reports with project stats, core features, architecture highlights, and quick links. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 423 次。

如何安装 Github Reader？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-reader」即可一键安装，无需额外配置。

Github Reader 是免费的吗？

是的，Github Reader 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Github Reader 支持哪些平台？

Github Reader 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Github Reader？

由 Krislu（@krislu1221）开发并维护，当前版本 v3.1.3。

Github Reader