← 返回 Skills 市场
qvshuo

github-skill-manager

作者 An Jing · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
80
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install github-skill-manager
功能描述
管理来自 GitHub 仓库的技能。用户要安装技能、检查技能更新、更新已安装技能、卸载技能,或提到注册技能、GitHub 技能、REGISTRY.yaml 时,优先使用此技能。
使用说明 (SKILL.md)

Skill Manager

帮助管理来自 GitHub 仓库的技能安装、检查更新、更新和卸载。

技能安装到 skills/{skill-name}/,并通过 skills/skill-manager/REGISTRY.yaml 记录来源与 commit SHA。

前置条件

所有 GitHub 操作都依赖已认证的 gh CLI。

执行前运行:

gh auth status

如果失败,提示:请先运行 gh auth login。 并停止。

输入

从来源中提取这 4 个字段:

字段 说明 示例
owner 仓库所有者 openai
repo 仓库名称 skills
branch 分支名,默认 main main
path 仓库内技能目录路径 skills/example-skill

技能名称取 path 的最后一段目录名。

沟通

检查更新时,用表格输出结果:

| 技能名称      | 本地 commit SHA | 远程 commit SHA | 状态 |
|---------------|-----------------|-----------------|------|
| example-skill | abc1234         | def5678         | 需要更新 |
| web-search    | 9f8e7d6         | 9f8e7d6         | 已是最新 |

安装、更新或卸载完成后,明确告诉用户受影响的技能名称和结果。

安装

安装指定来源的技能,并写入 REGISTRY.yaml

步骤:

  1. 解析来源,提取 ownerrepobranchpath
  2. 下载仓库归档并提取目标目录
  3. 将技能保存到 skills/{skill-name}/
  4. REGISTRY.yaml 中追加条目,记录 ownerrepobranchpathcommitupdated

使用:

gh api "repos/{owner}/{repo}/tarball/{branch}" > archive.tar.gz
# 解压后将 {path} 复制到 skills/{skill-name}/

如果目标目录已存在,停止安装,不覆盖现有目录。

检查更新

扫描 REGISTRY.yaml,检查已注册技能的远程 commit SHA 是否发生变化。

使用:

gh api "repos/{owner}/{repo}/contents/{path}?ref={branch}" --jq '.sha'

默认检查全部已注册技能;如果用户指定技能名,只检查对应条目。

检查失败时,跳过该技能,并保持本地文件和注册表不变。

更新

更新已注册技能中有变化的条目。

步骤:

  1. 先运行更新检查
  2. 对每个需要更新的技能,重新下载并替换 skills/{skill-name}/
  3. 更新对应注册表条目的 commitupdated

未指定技能名时,更新全部过期技能;指定技能名时,只更新对应条目。

如果技能未注册,先告诉用户该技能不在 REGISTRY.yaml 中,不执行更新。

更新前如果发现本地有未保存的修改,先提示冲突风险。

任何下载或更新失败时,不覆盖本地文件,不修改对应注册表条目。

卸载

删除技能目录,并从 REGISTRY.yaml 中移除对应条目。

步骤:

  1. 确认技能名称
  2. 删除 skills/{skill-name}/
  3. REGISTRY.yaml 中移除对应条目

如果技能目录不存在但注册表条目存在,只移除注册表条目。

注册表

位置:skills/skill-manager/REGISTRY.yaml

skills:
  - owner: openai
    repo: skills
    branch: main
    path: skills/example-skill
    commit: abc123def456
    updated: 2026-01-01

规则:

  • 安装时追加新条目
  • 更新时只修改目标条目的 commitupdated
  • 不重新排序,不删除无关条目

行为约束

  • 仅管理来自 GitHub 仓库的技能
  • 默认以 branch=main 处理未显式指定分支的来源
  • 不覆盖现有技能目录,除非当前操作就是更新该技能
  • 不覆盖失败的下载结果或半成品目录
安全使用建议
This skill appears to do what it says: manage skills stored in GitHub repositories using the gh CLI. Before installing or letting an agent use it, ensure: (1) you have gh installed and authenticated (run gh auth status); (2) the GitHub account/token used by gh has only the minimum required scopes you accept, because the skill will use your gh credentials to fetch repos; (3) you trust the source repository before installing a skill (installing writes files that the agent may later execute); (4) keep backups of skills/ and skills/skill-manager/REGISTRY.yaml, and review the repo contents (or a commit SHA) before installation. Note the manifest omission: the skill expects gh but does not declare it — consider adding that requirement or verifying gh is available before use.
功能分析
Type: OpenClaw Skill Name: github-skill-manager Version: 1.0.3 The 'github-skill-manager' acts as a package manager for the OpenClaw agent, providing instructions in SKILL.md to download, install, and update code from arbitrary GitHub repositories using the 'gh' CLI. While the logic appears transparent and aligned with its stated purpose, the capability to fetch and execute remote code is a high-risk behavior that could be leveraged for Remote Code Execution (RCE) if the agent is directed to a malicious repository. No evidence of intentional malice, such as hardcoded malicious URLs or data exfiltration, was found in SKILL.md or _meta.json.
能力评估
Purpose & Capability
The skill is explicitly a GitHub-based skill manager and its instructions use the gh CLI and GitHub tarball/contents APIs — this is appropriate for the stated purpose. Minor inconsistency: SKILL.md requires an authenticated gh CLI (gh auth status) but the skill metadata lists no required binaries or primary credential.
Instruction Scope
SKILL.md limits actions to downloading/extracting repo archives, copying skill directories into skills/{skill-name}/, and updating skills/skill-manager/REGISTRY.yaml. It does not instruct reading unrelated system files or sending data to external endpoints other than GitHub, and it includes safety checks (don't overwrite existing directories, check for uncommitted changes).
Install Mechanism
This is an instruction-only skill with no install spec and no archives pulled from arbitrary servers; downloads are via GitHub repository tarballs (gh api), which is an expected and lower-risk source for this purpose.
Credentials
The skill relies on gh being installed and authenticated (gh auth status). That implies use of locally-stored GitHub credentials (gh's OAuth/token). The manifest does not declare this dependency or any required env vars; while expected for GitHub operations, users should be aware the skill will use whatever gh credentials are configured on the host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' configurations beyond adding/removing entries in its own REGISTRY.yaml, and its filesystem writes are scoped to skills/{skill-name}/ and skills/skill-manager/REGISTRY.yaml as described.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install github-skill-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /github-skill-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Improved documentation: SKILL.md now provides clear step-by-step instructions for installing, updating, and uninstalling skills from GitHub repositories. - Outlines input fields, system requirements, and usage examples for managing skills via the `gh` CLI and REGISTRY.yaml tracking. - Defines precise behavior for skill installation, version checking, updates, and removal, including conflict and error handling. - Clarifies communication: results, updates, and errors are reported directly to the user with tables or targeted messages. - Enforces strict management of skills only from GitHub and reinforces safeguards against unwanted overwrites and partial installations.
元数据
Slug github-skill-manager
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

github-skill-manager 是什么?

管理来自 GitHub 仓库的技能。用户要安装技能、检查技能更新、更新已安装技能、卸载技能,或提到注册技能、GitHub 技能、REGISTRY.yaml 时,优先使用此技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。

如何安装 github-skill-manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-skill-manager」即可一键安装,无需额外配置。

github-skill-manager 是免费的吗?

是的,github-skill-manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

github-skill-manager 支持哪些平台?

github-skill-manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 github-skill-manager?

由 An Jing(@qvshuo)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论