← 返回 Skills 市场
waldekmastykarz

gitload

作者 waldekmastykarz · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2946
总下载
3
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install gitload
功能描述
This skill should be used when the user asks to "download files from GitHub", "fetch a folder from a repo", "grab code from GitHub", "download a GitHub repository", "get files from a GitHub URL", "clone just a folder", or needs to download specific files/folders from GitHub without cloning the entire repo.
使用说明 (SKILL.md)

gitload

Download files, folders, or entire repos from GitHub URLs using the gitload CLI.

When to Use

Use gitload when:

  • Downloading a specific folder from a repo (not the whole repo)
  • Fetching a single file from GitHub
  • Downloading repo contents without git history
  • Creating a ZIP archive of GitHub content
  • Accessing private repos with authentication

Do NOT use gitload when:

  • Full git history is needed (use git clone instead)
  • The repo is already cloned locally
  • Working with non-GitHub repositories

Prerequisites

Run gitload via npx (no install needed):

npx gitload-cli https://github.com/user/repo

Or install globally:

npm install -g gitload-cli

Basic Usage

Download entire repo

gitload https://github.com/user/repo

Creates a repo/ folder in the current directory.

Download a specific folder

gitload https://github.com/user/repo/tree/main/src/components

Creates a components/ folder with just that folder's contents.

Download a single file

gitload https://github.com/user/repo/blob/main/README.md

Download to a custom location

gitload https://github.com/user/repo/tree/main/src -o ./my-source

Download contents flat to current directory

gitload https://github.com/user/repo/tree/main/templates -o .

Download as ZIP

gitload https://github.com/user/repo -z ./repo.zip

Authentication (for private repos or rate limits)

Using gh CLI (recommended)

gitload https://github.com/user/private-repo --gh

Requires prior gh auth login.

Using explicit token

gitload https://github.com/user/repo --token ghp_xxxx

Using environment variable

export GITHUB_TOKEN=ghp_xxxx
gitload https://github.com/user/repo

Token priority: --token > GITHUB_TOKEN > --gh

URL Formats

gitload accepts standard GitHub URLs:

  • Repo root: https://github.com/user/repo
  • Folder: https://github.com/user/repo/tree/branch/path/to/folder
  • File: https://github.com/user/repo/blob/branch/path/to/file.ext

Common Patterns

Scaffold from a template folder

gitload https://github.com/org/templates/tree/main/react-starter -o ./my-app
cd my-app && npm install

Grab example code

gitload https://github.com/org/examples/tree/main/authentication

Download docs for offline reading

gitload https://github.com/org/project/tree/main/docs -z ./docs.zip

Fetch a single config file

gitload https://github.com/org/configs/blob/main/.eslintrc.json -o .

Options Reference

Option Description
-o, --output \x3Cdir> Output directory (default: folder named after URL path)
-z, --zip \x3Cpath> Save as ZIP file at the specified path
-t, --token \x3Ctoken> GitHub personal access token
--gh Use token from gh CLI
--no-color Disable colored output
-h, --help Display help
-V, --version Output version

Error Handling

If gitload fails:

  1. 404 errors: Verify the URL exists and is accessible
  2. Rate limit errors: Add authentication with --gh or --token
  3. Permission errors: For private repos, ensure token has repo scope
  4. Network errors: Check internet connectivity

Notes

  • gitload downloads content via GitHub's API, not git protocol
  • No git history is preserved (use git clone if history is needed)
  • Large repos may take time; consider downloading specific folders
  • Output directory is created if it doesn't exist
安全使用建议
This skill appears to do what it says (download GitHub files), but exercise caution before installing or giving it tokens. Specific recommendations: - Verify the upstream gitload-cli package: check the npm page and the package's GitHub repo and maintainers before running npx. - Prefer using the gh CLI or an environment variable with minimal-scope tokens (repo scope only) instead of passing a token on the command line (avoid --token inline to prevent leaking via process lists or shell history). - If you must use this in an automated agent, run it in an isolated environment (container or sandpit) so npx-run code is contained. - Ask the publisher to update the skill metadata to list required binaries (node/npm/npx, optionally gh) and to document secure token handling. If you cannot verify the npm package or maintainers, treat this as untrusted and avoid running it on environments with sensitive data.
功能分析
Type: OpenClaw Skill Name: gitload Version: 1.0.0 The skill `gitload` is designed to download files, folders, or entire repositories from GitHub. The `SKILL.md` provides instructions for using the `gitload-cli` tool, including examples for downloading content, specifying output paths, and handling authentication with GitHub tokens. All described actions, such as file system writes, network access to GitHub, and the use of `npx` or `npm install`, are directly aligned with the stated purpose of fetching GitHub content. There is no evidence of intentional harmful behavior, data exfiltration, persistence mechanisms, or prompt injection attempts designed to subvert the agent's purpose or compromise the system. The risks associated with executing remote code via `npx` or `npm install` are inherent to these tools and not introduced by malicious intent within the skill's instructions.
能力评估
Purpose & Capability
The stated purpose (fetching files/folders from GitHub) is coherent with the instructions (using a gitload CLI to call the GitHub API). However the skill metadata declares no required binaries or env vars, while the SKILL.md clearly assumes availability of node/npm/npx and optionally the gh CLI and GITHUB_TOKEN; that metadata mismatch reduces trust in the manifest.
Instruction Scope
The runtime instructions direct the agent (or user) to run npx gitload-cli or install an npm package and to supply tokens via --token or GITHUB_TOKEN. npx executes code downloaded at runtime and the guidance to pass tokens on the command line (--token ghp_xxxx) can expose secrets (process lists, shell history). The instructions do not provide guidance for verifying the npm package source or minimizing token exposure.
Install Mechanism
There is no bundled code; the SKILL.md instructs using npx or npm install to fetch gitload-cli from the npm registry. Running npx executes third‑party code on demand (supply‑chain risk). The manifest offers no vetted release URL, checksum, or guidance to review the package, which increases risk compared with a bundled or well‑documented release.
Credentials
The skill metadata declares no required environment variables, but the documentation references GITHUB_TOKEN and passing tokens explicitly. Requesting a GitHub token is proportionate for private-repo access, but the instructions suggest insecure usage (inline --token) and do not limit or recommend minimal scopes. The mismatch between declared env requirements and documented token use is a red flag.
Persistence & Privilege
The skill is instruction-only and does not request persistent presence or special agent privileges (always:false). Autonomous invocation is allowed (platform default); combined with the instruction to run npx, that means the agent could autonomously download and execute an npm package when invoked — consider the increased blast radius if used autonomously.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install gitload
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /gitload 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of gitload. - Easily download files, folders, or entire repositories from GitHub URLs without cloning the whole repo. - Supports downloading to custom locations, flattening downloads, and saving as ZIP files. - Handles private repositories via GitHub token or gh CLI authentication. - Accepts both file and folder URLs, with direct support for main, branch, or custom paths. - Designed for quick scaffolding, fetching config/examples, and offline documentation retrieval. - No git history included; operates via GitHub API, not git protocol.
元数据
Slug gitload
版本 1.0.0
许可证
累计安装 7
当前安装数 7
历史版本数 1
常见问题

gitload 是什么?

This skill should be used when the user asks to "download files from GitHub", "fetch a folder from a repo", "grab code from GitHub", "download a GitHub repository", "get files from a GitHub URL", "clone just a folder", or needs to download specific files/folders from GitHub without cloning the entire repo. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2946 次。

如何安装 gitload?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gitload」即可一键安装,无需额外配置。

gitload 是免费的吗?

是的,gitload 完全免费(开源免费),可自由下载、安装和使用。

gitload 支持哪些平台?

gitload 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 gitload?

由 waldekmastykarz(@waldekmastykarz)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论