← 返回 Skills 市场
159
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install github-tracker
功能描述
Monitors GitHub organization commits daily, providing team activity updates and current standings on demand via /team-status command.
使用说明 (SKILL.md)
Org Commit Monitor\r
\r
Setup\r
- Place
monitor.py, andSKILL.mdin the skill folder.\r - get the list of member needed for this skill from the
monitor.py\r - Set Environment Variables:\r
GITHUB_TOKEN: Your Personal Access Token.\rGITHUB_ORG: Your Organization name.\r \r
Automation\r
- Cron:
30 4 * * *(Runs daily at 10:00 AM IST; adjust for UTC timezone offset)\r - Action: Run
python3 monitor.pyand post output to #dev-updates.\r \r
Commands\r
/team-status: Runs the script immediately to show current standings.
安全使用建议
Do not install or run this skill without resolving inconsistencies: (1) Inspect monitor.py fully to confirm it only calls GitHub APIs and does not contact any other endpoints. (2) Confirm which environment variables the code actually needs — the script currently reads GITHUB_TOKEN but hardcodes ORG/TEAM_SLUG; either update the script to read GITHUB_ORG/TEAM_SLUG from env or change the documentation. (3) Use a least-privilege GitHub token (prefer read-only scopes such as read:org and repo:status or a token scoped to read-only access for the needed repos) and preferably a machine/bot account, not a personal account with broad permissions. (4) Be aware sample_state.json contains commit metadata (emails, commit URLs) which may be sensitive; avoid publishing it. (5) If you plan to post outputs to chat channels, ensure that posting is done by a trusted integration and not baked into the script. If the author cannot explain the env/metadata mismatch or provide a version that reads configuration from environment variables securely, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: github-tracker
Version: 1.0.3
The skill is a GitHub activity tracker designed to monitor commit frequency for a specific organization team ('OpenPecha'). It retrieves commit metadata via the GitHub API using a provided GITHUB_TOKEN and maintains local state in 'state.json'. While there is a minor discrepancy between the documentation and the hardcoded organization name in 'scripts/monitor.py', and the use of future-dated metadata/API versions, the code performs legitimate API interactions without evidence of data exfiltration, prompt injection, or malicious execution.
能力评估
Purpose & Capability
The SKILL.md and monitor.py both describe a GitHub org commit monitor (expected). However the SKILL.md tells the user to set GITHUB_ORG and GITHUB_TOKEN, while the repository metadata declares no required env vars. The script itself hardcodes ORG = "OpenPecha" and TEAM_SLUG = "openpecha-dev-team" rather than reading GITHUB_ORG, so the documentation and code are inconsistent.
Instruction Scope
Instructions ask to set GITHUB_ORG and to post output to a channel (#dev-updates), but the provided script uses a hardcoded ORG and TEAM_SLUG and performs GitHub API calls. The SKILL.md's step 'get the list of member needed for this skill from the monitor.py' is vague. The instructions assume a Personal Access Token (GITHUB_TOKEN) will be provided but the skill metadata does not declare this — the agent/user could unknowingly supply a high-privilege token.
Install Mechanism
No install spec (instruction-only with included script). Nothing is downloaded from external arbitrary URLs and no installers are invoked. Risk from install mechanism is low.
Credentials
SKILL.md requires GITHUB_TOKEN (PAT) and GITHUB_ORG but registry metadata lists none and no primary credential is declared. The script reads only GITHUB_TOKEN via _api_headers(), but also hardcodes ORG/TEAM_SLUG. The requested PAT is described as needing 'repo' scope in the script error message (full repo scope can be broad); minimal read-only scopes would be preferable. This mismatch and potentially overbroad token requirement is disproportionate and unclear.
Persistence & Privilege
Skill is not always:true, and there is no install that modifies other skills or global config. The script runs ad hoc/cron and does not request elevated platform privileges in metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install github-tracker - 安装完成后,直接呼叫该 Skill 的名称或使用
/github-tracker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Added compiled Python bytecode file: scripts/__pycache__/monitor.cpython-312.pyc
- No changes to documentation or feature set.
v1.0.1
- Removed the deprecated get_team.py script.
- Updated setup instructions: team.json is no longer needed; team member list is now obtained from monitor.py.
v1.0.0
Initial release of Org Commit Monitor.
- Monitors organization commits using GitHub API.
- Provides daily automated updates to a designated channel.
- Supports manual status checks using the /team-status command.
- Setup instructions for environment variables and file placement included.
元数据
常见问题
Github_tracker 是什么?
Monitors GitHub organization commits daily, providing team activity updates and current standings on demand via /team-status command. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 159 次。
如何安装 Github_tracker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-tracker」即可一键安装,无需额外配置。
Github_tracker 是免费的吗?
是的,Github_tracker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Github_tracker 支持哪些平台?
Github_tracker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Github_tracker?
由 tenkus47(@tenkus47)开发并维护,当前版本 v1.0.3。
推荐 Skills