← 返回 Skills 市场
54
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pain-to-pip-package
功能描述
Complete pipeline: Reddit pain scan → cluster → build pip-installable CLI tool → push to GitHub. 5 tools shipped using this pattern. Proven with 343 pain sig...
安全使用建议
Before installing or running this skill, verify the following: (1) the environment has the required tooling (python3, pip, git, GitHub CLI 'gh', optionally setuptools/wheel) — the skill metadata does not list them; (2) understand and control credentials: you will need Git credentials or a GITHUB_TOKEN (and possibly PyPI credentials) to push or release — never provide broad-scope tokens to an untrusted agent or skill; (3) review any 'scripts/daily-pipeline' code before executing: the SKILL.md assumes local scripts exist and will mutate files and push them upstream; running unreviewed automation can leak data or push undesired content; (4) be cautious about including Reddit quotes in README files — they may contain PII or violate Reddit/user terms; sanitize content and confirm license/consent; (5) prefer running the pipeline in an isolated VM or container and use a least-privilege GitHub token with minimal scopes (repo:public_repo or per-repo scoped token) rather than full account tokens; (6) if you want this to be fully trustworthy, ask the publisher for: explicit required binaries list, a list of required env vars (and justification), and the actual scripts referenced (scripts/daily-pipeline) so you can audit them before execution. If those are provided and reviewed, the coherence concerns would be reduced.
功能分析
Type: OpenClaw Skill
Name: pain-to-pip-package
Version: 1.0.0
The skill bundle outlines a legitimate workflow for automating the creation of Python CLI tools based on Reddit trends. It provides templates for project structure (pyproject.toml), instructions for scanning Reddit's public API, and steps for deployment via GitHub. While it suggests using the `--break-system-packages` flag and mentions 'bypass' tools in an SEO example, these actions are aligned with the stated purpose of rapid prototyping and do not exhibit signs of data exfiltration, unauthorized access, or malicious intent.
能力标签
能力评估
Purpose & Capability
The stated purpose (turn Reddit complaints into pip-installable CLI tools and push them to GitHub) matches the SKILL.md steps. However the SKILL.md implicitly requires tools and permissions (git, gh CLI or Git credentials, Python build tools, possibly a GitHub token and/or PyPI credentials for publishing) that the skill metadata does not declare. That mismatch reduces confidence in the manifest's accuracy.
Instruction Scope
The instructions tell an agent/operator to run commands that modify a repository, create releases, and schedule cron jobs. These actions will require GitHub authentication and write access to a repository. The doc also warns about agent-specific file read/write behavior (the 'execute_code' warning), which signals the instructions expect direct file manipulation by an agent — a capability that can cause accidental data corruption or unintended uploads if the agent environment is different from what's assumed. The SKILL.md further encourages adding user quotes from Reddit into README files, which raises privacy/PII and licensing concerns but is unrelated to declared requirements.
Install Mechanism
This is an instruction-only skill with no install spec and no downloads — lowest install risk. That said, the runtime steps assume external binaries (python3, pip, git, gh) that are not declared as required; the lack of an install spec means the operator must ensure these exist before running the pipeline.
Credentials
The skill declares no required environment variables or credentials, yet the push/release steps and comments about posting indicate the need for GitHub credentials (GH CLI auth or a GITHUB_TOKEN) and possibly PyPI credentials (if publishing to PyPI). This is a proportionality mismatch: sensitive secrets/credentials are necessary for core steps but are not surfaced in the metadata, so an operator might be prompted (or a misconfigured agent might seek) credentials unexpectedly.
Persistence & Privilege
The skill does not request 'always: true' and is not automatically persistent, which is good. However the SKILL.md explicitly recommends creating cron jobs for daily automation that will repeatedly scan Reddit and push updates to GitHub. If an executing agent is given autonomy to implement those cron jobs, that creates persistent behavior (scheduled, automated pushes/releases). Autonomous invocation combined with credential access would increase blast radius — the combination should be consciously authorized by the operator.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pain-to-pip-package - 安装完成后,直接呼叫该 Skill 的名称或使用
/pain-to-pip-package触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of pain-to-pip-package: a pipeline to turn Reddit pain points into pip-installable CLI tools.
- End-to-end workflow: scan Reddit for complaints, cluster pain signals, build & package tools, release on GitHub.
- Explains structure for standalone pip packages with practical templates and tips.
- Shares validated pain clusters and key lessons (rate limits, packaging errors, SEO).
- Includes automation steps for daily Reddit scans and GitHub metrics tracking.
元数据
常见问题
Pain To Pip Package 是什么?
Complete pipeline: Reddit pain scan → cluster → build pip-installable CLI tool → push to GitHub. 5 tools shipped using this pattern. Proven with 343 pain sig... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 54 次。
如何安装 Pain To Pip Package?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pain-to-pip-package」即可一键安装,无需额外配置。
Pain To Pip Package 是免费的吗?
是的,Pain To Pip Package 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pain To Pip Package 支持哪些平台?
Pain To Pip Package 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pain To Pip Package?
由 Maya Tao(@minirr890112-byte)开发并维护,当前版本 v1.0.0。
推荐 Skills