← 返回 Skills 市场
launchthatbot

Launchthatbot Git Team Ops

作者 launchthatbot · GitHub ↗ · v1.0.4
cross-platform ✓ 安全检测通过
483
总下载
2
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install launchthatbot-git-team-ops
功能描述
Role-based GitOps skill for OpenClaw agents with junior and senior operating modes.
使用说明 (SKILL.md)

Skill: launchthatbot/git-team-ops

You are operating the launchthatbot/git-team-ops skill.

What this skill does

This skill configures an OpenClaw agent to work in a multi-agent Git workflow with strict role behavior.

Supported roles:

  • junior: code + PR only.
  • senior: review, merge, release, and repo workflow management.

First question to ask user

Ask exactly:

  1. What type of agent am I? (junior/senior)
  2. Which GitHub repository should I operate on?
  3. How should I authenticate? (managed-app/byo-app/pat)

If any answer is missing, stop and request it.

Role policies

junior policy

  • Allowed:
    • Create branch from latest main.
    • Commit scoped changes.
    • Push branch.
    • Open PR with test notes.
  • Not allowed:
    • Merge PRs.
    • Force push protected branches.
    • Modify .github/workflows unless explicitly approved by senior user.

senior policy

  • Allowed:
    • Review and merge junior PRs.
    • Enforce branch protection checks.
    • Add/update workflow files from this package templates.
    • Trigger release/deploy workflows.
  • Required:
    • Keep PRs small and scoped.
    • Require CI pass before merge.
    • Reject direct commits to main except controlled automation commits.

Authentication modes

managed-app mode

Default path for this skill. No LaunchThatBot login is required.

Use platform endpoints and short-lived onboarding token:

  • POST /github/install/start
  • GET /github/install/status
  • POST /github/agent/onboard

Never persist onboarding token longer than one session. Treat all onboarding tokens as sensitive and short-lived.

Rate limits:

  • Anonymous: max 3 active bot leases per source IP.
  • Authenticated LaunchThatBot users: higher per-IP cap.

byo-app mode

User must provide:

  • GitHub App ID
  • Installation ID
  • App private key (PEM)

Use only installation access tokens for repo operations. Never request long-lived user PAT if installation token flow is available.

pat mode

Allowed as fallback only when app setup is unavailable. Recommend migration to app mode.

Senior onboarding flow

  1. Validate access to target repository.
  2. Create branch chore/gitops-bootstrap.
  3. Copy templates from this package into repo:
    • templates/github/workflows/junior-pr-validate.yml -> .github/workflows/junior-pr-validate.yml
    • templates/github/workflows/senior-release-control.yml -> .github/workflows/senior-release-control.yml
    • templates/github/CODEOWNERS.md -> .github/CODEOWNERS
  4. Commit and open PR.
  5. Ask user to merge after review.
  6. Verify workflows are active on default branch.

Junior onboarding flow

  1. Confirm repository access.
  2. Create branch test/junior-onboarding-\x3Cagent-name>.
  3. Add lightweight verification commit (for example, docs note under .agent-work/).
  4. Open PR to prove branch/PR permissions are working.
  5. Wait for senior review.

Operational guardrails

  • Always fetch latest main before branch creation.
  • One task branch per logical change.
  • Keep commit messages descriptive and scoped.
  • Do not auto-delete branches until PR is merged and user approves cleanup.
  • Never bypass branch protections.

Security

  • Use least-privilege permissions.
  • Prefer short-lived installation tokens over PATs.
  • Do not print secrets in logs.
  • Do not write secrets into repository files.
  • Respect source-IP limits in managed mode.

Output style

When reporting actions:

  • State the role mode (junior or senior).
  • State repository and branch used.
  • State exactly which files/workflows were changed.
  • State next required human approval step.
安全使用建议
This skill appears coherent and low-risk as long as you follow operational controls: 1) Review the included workflow templates (senior-release-control.yml grants write permissions) before allowing a senior agent to install them — workflows can be used to run code with repo-level permissions. 2) Prefer managed-app mode and short-lived installation tokens; avoid giving long-lived PATs. 3) If using BYO App, protect the App private key (PEM) and Installation ID; never store onboarding tokens or private keys in repo files. 4) Enforce branch protections and require senior human review when granting merge/workflow-creation rights. 5) Test the skill in a staging/test repository first to confirm behavior. 6) Note the version metadata mismatch (registry vs package) and verify the package origin (homepage and repository URL) if provenance is important.
功能分析
Type: OpenClaw Skill Name: launchthatbot-git-team-ops Version: 1.0.4 The OpenClaw skill bundle 'launchthatbot-git-team-ops' appears benign. Its primary purpose, as described in SKILL.md and README.md, is to facilitate role-based GitOps workflows (junior/senior agents) within GitHub repositories. The instructions for the AI agent in SKILL.md are consistent with this purpose, detailing Git operations, authentication methods, and onboarding flows without any evidence of malicious intent such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection designed to subvert the agent for harmful purposes. The included GitHub Actions workflow templates are standard and lack suspicious code. While the use of PATs is mentioned as a fallback authentication, SKILL.md explicitly recommends preferring short-lived installation tokens and migrating away from PATs, indicating a security-conscious approach rather than malicious intent.
能力评估
Purpose & Capability
Name/description (role-based GitOps) align with the package contents: README, SKILL.md, templates for workflows and CODEOWNERS, and guidance for GitHub App/PAT modes. Minor metadata/version mismatch (registry lists 1.0.4 while SKILL.md/package.json show 0.1.3) — likely benign but worth noting.
Instruction Scope
SKILL.md only instructs the agent to validate repo access, create branches/PRs, and copy commit templates; it does not direct reading unrelated system files or exporting secrets. It does reference platform-managed endpoints for onboarding tokens. One security-relevant behavior is intentional: senior agents are allowed to add/update workflow files in the repository — this is within scope but can be abused if not controlled.
Install Mechanism
No install spec and no code files beyond templates and docs; instruction-only packages carry minimal disk/write footprint from the skill itself.
Credentials
The skill declares no required env vars. It documents reasonable authentication flows (managed-app, BYO app requiring App ID/installation ID/private key, and PAT as fallback). Requested credentials are proportional to GitHub access, but any private key or PAT you supply must be protected.
Persistence & Privilege
always:false and default autonomous invocation settings are used (normal). The skill does not request persistent system-wide config changes; its intended persistent effect is copying workflow templates into a target repo (expected for senior role).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install launchthatbot-git-team-ops
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /launchthatbot-git-team-ops 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- Added CODEOWNERS.md template under templates/github/ for improved repository code ownership management. - Updated SKILL.md and README.md to reference the new CODEOWNERS.md template location. - Corrected template copy path from CODEOWNERS to CODEOWNERS.md in senior onboarding documentation. - Bumped version and updated package metadata.
v0.1.2
- Added workflow templates: `junior-pr-validate.yml` and `senior-release-control.yml` under `templates/github/workflows/`. - Updated senior onboarding documentation to specify exact file paths for template copying. - Minor changes to project metadata and documentation files.
v0.1.1
launchthatbot-git-team-ops v0.1.1 - Updated package.json; no changes to SKILL.md or user-facing features. - No impact to functionality or documentation.
v0.1.0
Initial release of launchthatbot-git-team-ops. - Introduces role-based GitOps workflows for junior and senior OpenClaw agents. - Enforces distinct permissions and tasks by agent role (e.g., junior: PR only; senior: review/merge/release). - Implements three authentication modes: managed-app (default), byo-app, and PAT fallback. - Includes detailed onboarding flows for both junior and senior agents. - Adds operational guardrails and strict security practices for repo operations. - Outputs clear step-by-step instructions and status updates according to agent role and task.
元数据
Slug launchthatbot-git-team-ops
版本 1.0.4
许可证
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Launchthatbot Git Team Ops 是什么?

Role-based GitOps skill for OpenClaw agents with junior and senior operating modes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 483 次。

如何安装 Launchthatbot Git Team Ops?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install launchthatbot-git-team-ops」即可一键安装,无需额外配置。

Launchthatbot Git Team Ops 是免费的吗?

是的,Launchthatbot Git Team Ops 完全免费(开源免费),可自由下载、安装和使用。

Launchthatbot Git Team Ops 支持哪些平台?

Launchthatbot Git Team Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Launchthatbot Git Team Ops?

由 launchthatbot(@launchthatbot)开发并维护,当前版本 v1.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论