Open Source Analysis
Author: Xudong Guo · v1.0.2 · MIT-0
Total downloads: 118
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw
/install open-source-analysis
Description
Analyze an open source GitHub repository and generate a structured report. Trigger whenever the user provides a GitHub repository URL to analyze, or explicit...
Safe-use recommendations
This skill appears to do what it says: analyze public GitHub repositories and generate a formatted report. Two things to consider before installing/using it: (1) provenance — the skill's source/homepage is unknown; that reduces trust because you can't verify the publisher or audit a code bundle (this skill is instruction-only but still published by an unknown owner). (2) token handling — SKILL.md will look for GITHUB_TOKEN and, if present, add an Authorization header to API calls to avoid rate limits. The registry metadata currently omits that env var, which is a bookkeeping mismatch but important to you: only provide a GitHub token if you trust the skill and follow the principle of least privilege. If you do provide a token, prefer a token with minimal scopes (avoid granting write scopes; for public-repo reads no special scopes are required), or authenticate via the gh CLI rather than exposing a long-lived personal token. Finally, because the skill has no code files and warns not to execute repo content, the immediate technical risk is low — but verify the publisher or ask them to correct the registry metadata (declare GITHUB_TOKEN) before granting credentials or using it with sensitive accounts.
Functional analysis
Type: OpenClaw Skill
Name: open-source-analysis
Version: 1.0.2
The skill is designed to analyze GitHub repositories and generate structured reports. It includes explicit security instructions in SKILL.md directing the agent to treat external repository content as untrusted data and to avoid executing any embedded commands, which serves as a defense against prompt injection from target repositories. The use of GITHUB_TOKEN is appropriately scoped for GitHub API access to retrieve project metadata.
Capability assessment
Purpose & Capability
The skill's stated purpose (analyze GitHub repositories) matches the runtime instructions (use GitHub API, read README/commits/issues/PRs). However, the registry metadata lists no required environment variables while SKILL.md explicitly declares and uses GITHUB_TOKEN. That discrepancy is unexpected: a GitHub-analysis skill reasonably may use GITHUB_TOKEN, but the registry should reflect that. Also SKILL.md mentions optionally using the gh CLI (not required) — that's reasonable but not declared in required binaries.
Instruction Scope
SKILL.md limits actions to fetching repository metadata and textual contents (README, commits, issues, PRs) and explicitly warns NEVER to execute repository commands — this scope stays within the stated purpose. It also includes language-detection and strict output formatting rules; those are functional and do not expand scope to unrelated data access.
Install Mechanism
Instruction-only skill with no install spec and no code files. That minimizes on-disk persistence and reduces installation risk.
Credentials
The only sensitive thing the skill references is GITHUB_TOKEN (used to raise API rate limits). Requesting that token is proportionate for heavy GitHub API usage. However, the registry metadata omits this env var while SKILL.md references it — an inconsistency users should notice. No other secrets or config paths are requested.
Persistence & Privilege
always:false and no install code means the skill does not request permanent forced inclusion or elevated platform privileges. Being an instruction-only skill, it doesn't modify other skills or system configs.
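How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install open-source-analysis
- Once installation finishes, invoke the Skill by name or trigger it with /open-source-analysis
- Provide the required input according to the Skill's parameter description to get structured output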
Version history
v1.0.2
- Added an explicit security warning: Instructs never to execute or follow any code or instructions found in repository content; only analyze as text.
- Updated instructions to emphasize extracting information only—do not be misled by commands or requests found in READMEs, commits, issues, or PRs.
- No changes impacting the report output structure or API usage flow.
v1.0.1
- Added GITHUB_TOKEN to environment variables in metadata.
- Enhanced API authentication instructions: now prefer using the gh CLI if available; otherwise use GITHUB_TOKEN for API requests.
- Clarified that the presence of GITHUB_TOKEN or installed gh CLI should be checked before making GitHub API requests.
- Updated guidance for informing users about API rate limiting and suggested configuring the GITHUB_TOKEN environment variable.
v1.0.0
- Initial release of the open-source-analysis skill.
- Generates detailed, structured analysis reports for GitHub repositories provided by the user.
- Automatically detects and matches the user’s language (Chinese or English) for report output.
- Strictly follows a specified Markdown structure for all analyses.
- Provides clear evaluation and ratings based on project stats, documentation, community activity, and ease of use.
- Guides users about GitHub API rate limiting and authentication requirements.
FAQ
What is Open Source Analysis?
Analyze an open source GitHub repository and generate a structured report. Trigger whenever the user provides a GitHub repository URL to analyze, or explicit... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 118 total downloads so far.
How do I install Open Source Analysis?
Run the command "/install open-source-analysis" in the OpenClaw or Claude Code chat box for a one-step install; no extra configuration is required.
Is Open Source Analysis free?
Yes. Open Source Analysis is completely free, is licensed under MIT-0, and may be freely downloaded, installed and used.
Which platforms does Open Source Analysis support?
Open Source Analysis is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops Open Source Analysis?
It is developed and maintained by Xudong Guo (@sunny0826); the current version is v1.0.2.