← 返回 Skills 市场
tag-assistant

Merge Check

作者 Tag · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
718
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install merge-check
功能描述
Analyze a GitHub pull request for mergeability — predict whether it will get merged based on technical, architectural, process, social, and compliance factor...
安全使用建议
This skill appears to do what it says (gather PR data and produce a mergeability report), but it omits key operational details. Before running/installing: 1) Inspect the script yourself (it is included) to confirm you're comfortable with gh API calls. 2) Ensure you have gh and jq installed; the skill should have declared those as required. 3) Be aware the script will use your GitHub CLI authentication (your gh auth or GH_TOKEN) to read repository and PR data — run it only with an account/token that has appropriate (least-privilege) access. 4) If you want tighter safety, run the script in an isolated environment or with a read-only token; ask the publisher to update metadata to list required binaries and explicit credential guidance.
功能分析
Type: OpenClaw Skill Name: merge-check Version: 1.0.0 The skill is classified as suspicious due to its reliance on executing a shell script (`scripts/merge-check.sh`) that performs extensive network calls to the GitHub API using the `gh` CLI. While the script's purpose is aligned with gathering data for PR analysis and shows no explicit malicious intent (e.g., data exfiltration, persistence, or arbitrary code execution), the use of `gh api` implies interaction with an external service and relies on the `gh` CLI's authentication token, which may possess broad permissions. This represents a powerful capability and potential attack surface if the underlying token is over-privileged or the script were to be modified, aligning with the 'risky capabilities without clear malicious intent' threshold.
能力评估
Purpose & Capability
The skill claims to analyze GitHub PRs and includes a shell script that uses the GitHub CLI (gh) and jq to call GitHub APIs and assemble PR data. That capability is appropriate for the described purpose, but the skill metadata declares no required binaries or credentials even though the script clearly depends on gh and jq and on an authenticated gh configuration (or GH_TOKEN). The omission is a mismatch between claimed requirements and actual needs.
Instruction Scope
SKILL.md and the included script limit runtime actions to calling the GitHub API (via gh) and local processing with jq/bash, gathering PR metadata, files, checks, reviews, comments, commits, and repository files like CODEOWNERS/CONTRIBUTING. The instructions do not request or transmit data to external endpoints beyond GitHub and do not attempt to read unrelated system files.
Install Mechanism
This is instruction-only (no install spec), so nothing is written to disk by an installer. However, the script depends on external binaries (gh and jq) that are not declared in the registry metadata. That omission can cause surprising failures or implicit trust in the local gh installation.
Credentials
The skill declares no required environment variables or primary credential, yet the script implicitly requires GitHub authentication via the gh CLI (which typically relies on stored credentials or GH_TOKEN). The metadata should explicitly declare this dependence and the minimal scopes needed; as-is the skill may run with the user's existing GitHub credentials without making that clear.
Persistence & Privilege
The skill does not request always:true, does not attempt to persist or modify other skills or system settings, and only prints JSON to stdout. There is no evidence it attempts to install persistent agents or change global configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install merge-check
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /merge-check 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
Slug merge-check
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Merge Check 是什么?

Analyze a GitHub pull request for mergeability — predict whether it will get merged based on technical, architectural, process, social, and compliance factor... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 718 次。

如何安装 Merge Check?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install merge-check」即可一键安装,无需额外配置。

Merge Check 是免费的吗?

是的,Merge Check 完全免费(开源免费),可自由下载、安装和使用。

Merge Check 支持哪些平台?

Merge Check 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Merge Check?

由 Tag(@tag-assistant)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论