← 返回 Skills 市场

iStore Build OpenClash

Name: iStore Build OpenClash
Author: veelove

作者 VEE · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install istore-build-openclash

功能描述

创建 OpenClash GitHub Actions 构建 workflow 并直接推送到用户 GitHub 仓库。触发词：构建 OpenClash、istore-build-openclash、创建 OpenClash workflow

使用说明 (SKILL.md)

istore-build-openclash

将 OpenClash 构建 workflow 直接推送到用户的 GitHub 仓库。

工作流程

收集配置 — 请求用户的 GitHub 仓库地址和 Personal Access Token
写入 workflow — 通过 GitHub API 直接创建 .github/workflows/build-openclash.yml
设置 Workflow permissions — 通过 GitHub API 开启 Read and write permissions

使用前提

已在 GitHub 上 fork istoreos/istoreos
生成了 Personal Access Token（需开启 repo 权限）

获取 GitHub Token

访问 https://github.com/settings/tokens/new
选择 Generate new token (classic)
勾选 repo 权限
生成后复制 Token

提示用户输入

当用户触发此 skill 时，要求提供：

GitHub 仓库地址：格式 https://github.com/YOUR_USER/istoreos.git
Personal Access Token：用于推送代码和设置仓库权限

执行步骤

1. 通过 GitHub API 创建 workflow 文件

# 从 references/build-openclash.yml 读取内容，然后通过 API 创建文件
curl -s -X PUT \
  -H "Authorization: token \x3CTOKEN>" \
  -H "Accept: application/vnd.github+json" \
  -H "Content-Type: application/json" \
  https://api.github.com/repos/\x3CUSER>/\x3CREPO>/contents/.github/workflows/build-openclash.yml \
  -d '{
    "message": "Add OpenClash build workflow",
    "content": "\x3CBASE64_encoded_content>"
  }'

2. 设置 Workflow permissions

curl -s -X PUT \
  -H "Authorization: token \x3CTOKEN>" \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/repos/\x3CUSER>/\x3CREPO>/actions/permissions/workflow \
  -d '{"default_workflow_permissions":"write","can_approve_pull_request_reviews":true}'

推送后告诉用户

OpenClash workflow 已推送到仓库
可在 GitHub Actions 页面手动触发构建
选择架构后等待构建完成
下载 .run 文件到路由器执行即可

安全使用建议

Only use this skill if you are comfortable letting it modify your GitHub repository. Prefer a temporary fine-grained token limited to the target fork, review the workflow file before it is committed, consider skipping or reverting the workflow permission change, revoke the token afterward, and inspect the generated installer before running it on a router.

功能分析

Type: OpenClaw Skill Name: istore-build-openclash Version: 1.0.1 The skill requires the user to provide a GitHub Personal Access Token (PAT) with broad 'repo' permissions and uses it to modify repository files and security settings via the GitHub API (SKILL.md). Specifically, it automates the elevation of workflow permissions to 'read and write' and pushes a custom workflow file. While these actions are consistent with the stated purpose of automating OpenClash builds, the handling of high-privilege secrets and the modification of repository security configurations via an AI agent's execution environment pose a significant security risk.

能力标签

requires-oauth-tokenrequires-sensitive-credentials

能力评估

⚠ Purpose & Capability

The purpose is clear, but the skill's capability includes direct repository mutation, a broad GitHub PAT, and repository Actions permission changes.

⚠ Instruction Scope

The instructions use raw GitHub API PUT calls to create a workflow file and change repository workflow permissions, with limited scoping, rollback, or confirmation guidance.

ℹ Install Mechanism

There is no local install code; the main installed artifact is a persistent GitHub Actions workflow copied from references/build-openclash.yml.

⚠ Credentials

A classic repo-scoped GitHub token and write/PR-review workflow permissions are high-impact compared with simply committing one workflow file.

⚠ Persistence & Privilege

The workflow and repository-level permission changes remain after the skill finishes unless the user removes the workflow and reverts the settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install istore-build-openclash
安装完成后，直接呼叫该 Skill 的名称或使用 /istore-build-openclash 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

直接通过 GitHub API 推送 workflow，无需克隆仓库

v1.0.0

Initial release

元数据

Slug istore-build-openclash

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题