← 返回 Skills 市场
binotaliu

OpenClaw Copilot CLI Wrapper

作者 binotaliu · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
443
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-copilot-cli
功能描述
Run GitHub Copilot CLI via exec to generate code, edit files, or automate shell tasks using advanced AI models like Claude or GPT-5.
安全使用建议
This skill is coherent with its stated purpose (wrapping the GitHub Copilot CLI) but it instructs you to run Copilot with flags and modes that can access and transmit local files and session data. Before installing/use: 1) Only install the copilot binary from official sources (npm/@github or Homebrew). 2) Avoid using --allow-all / --yolo unless you understand and accept that Copilot may access local files, URLs, and system tools. 3) Be cautious about AGENTS.md auto-loading and session outputs (session.md, ~/.copilot/logs) — these can contain workspace content; review them and store them securely. 4) Consider running Copilot in a sandbox/container or a copy of the workspace with sensitive data removed. 5) If you enable autonomous agent invocation, restrict when and how this skill can be called (or require explicit user confirmation) because the combination of autonomous calls + broad flags increases exposure risk. If you want, I can suggest safer invocation flags and a minimal test workflow to verify behavior in a controlled environment.
功能分析
Type: OpenClaw Skill Name: openclaw-copilot-cli Version: 1.0.0 The SKILL.md explicitly instructs the OpenClaw agent to execute the `copilot` CLI with the highly permissive `--allow-all` (or `--yolo`) flag. This flag grants the `copilot` CLI, and by extension the agent, broad capabilities including arbitrary file system access, network requests, and shell command execution. This creates a significant remote code execution (RCE) and data exfiltration risk, as a malicious prompt could exploit these permissions to compromise the host system. While not directly malicious code, this configuration introduces a severe vulnerability.
能力评估
Purpose & Capability
Name/description match the instructions: the SKILL.md only documents invoking the GitHub Copilot CLI, installing via npm/brew, and authenticating via GitHub. There are no unrelated required env vars, binaries, or config paths declared.
Instruction Scope
The instructions explicitly recommend flags and modes that grant the Copilot process broad access (e.g., --allow-all / --yolo), run it interactively via PTY and use process send-keys, and reference auto-loading of AGENTS.md and logs at ~/.copilot/logs. Those steps can cause the CLI to read local files, session state, or upload workspace content to external services — behavior beyond merely generating text and therefore a potential data-exfiltration/privacy risk.
Install Mechanism
No install spec baked into the skill (instruction-only). The README-style instructions point to npm or Homebrew official installs for @github/copilot, which are standard installation routes and not itself suspicious.
Credentials
The skill declares no required env vars or credentials, which is proportionate. However, runtime use requires a GitHub login/Copilot subscription (interactive OAuth/token storage), and the recommended flags may cause local files or credentials to be accessed or transmitted by the Copilot service. The SKILL.md does not request unrelated credentials, but it implicitly relies on GitHub auth and local stored tokens.
Persistence & Privilege
always:false and no requests to modify other skills — that's appropriate. But allow-list flags and interactive automation combined with the platform-default ability for agents to invoke skills autonomously increase potential blast radius if the agent is permitted to call this skill without human oversight.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-copilot-cli
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-copilot-cli 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
v1.0: Copilot CLI integration for code gen, automation, NFT scripts. Escape-powered! 🔩
元数据
Slug openclaw-copilot-cli
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

OpenClaw Copilot CLI Wrapper 是什么?

Run GitHub Copilot CLI via exec to generate code, edit files, or automate shell tasks using advanced AI models like Claude or GPT-5. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。

如何安装 OpenClaw Copilot CLI Wrapper?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-copilot-cli」即可一键安装,无需额外配置。

OpenClaw Copilot CLI Wrapper 是免费的吗?

是的,OpenClaw Copilot CLI Wrapper 完全免费(开源免费),可自由下载、安装和使用。

OpenClaw Copilot CLI Wrapper 支持哪些平台?

OpenClaw Copilot CLI Wrapper 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 OpenClaw Copilot CLI Wrapper?

由 binotaliu(@binotaliu)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论