← 返回 Skills 市场
Peter Commit Ops
作者
chinasilva
· GitHub ↗
· v1.1.0
407
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install peter-commit-ops
功能描述
提交与建 PR 桥接自动化。负责将“可提交”改动落成 commit、推送分支并创建 PR,衔接 peter-code-review 与 peter-pr-ops。用于用户提到“帮我提交”“推分支”“创建 PR”“从 review 到 merge 串起来”等场景。
安全使用建议
This skill appears to do what it says (turn staged changes into commits, push branches, and create PRs), but the metadata omits important runtime expectations. Before installing or enabling it: 1) Confirm the agent environment has git, and (if you want full automation) the GitHub CLI (gh) and any necessary npm tooling. 2) Be aware the skill will use whatever git/GitHub credentials are available — ensure those credentials have appropriately limited scope (e.g., a deploy key or a token without admin rights) or require manual approval before push/PR. 3) Require an explicit confirmation step (or dry-run mode) before any automatic git add/commit/push to avoid unintended repository changes. 4) Prefer the skill to document required binaries and credential requirements in metadata (declare git, gh, npm and note that GH auth is needed). If you cannot trust the environment’s credentials or want stricter control, do not give the agent permission to run this skill autonomously and instead invoke it manually when you can supervise the actions.
功能分析
Type: OpenClaw Skill
Name: peter-commit-ops
Version: 1.1.0
The skill instructs the agent to execute `npm run workflow:check` or shell scripts (`tools/workflow-check.sh`, `scripts/workflow-check`) from the user's repository (SKILL.md). This introduces a potential Remote Code Execution (RCE) vulnerability if the repository's scripts are malicious, as the skill itself does not define or validate their content. While the use of `gh pr create --fill` (SKILL.md) involves network interaction and potential data exposure, it aligns with the stated purpose. The skill also includes '护栏' (guardrails) to prevent common dangerous actions like direct pushes to `main`/`master`, indicating an intent for safe operation within its defined scope, but the reliance on untrusted repository scripts makes it suspicious.
能力评估
Purpose & Capability
The SKILL.md focuses on checking the working tree, creating commits, pushing branches, and creating/updating PRs — this matches the skill name and description. However, the package metadata declares no required binaries or credentials even though the instructions call for git, npm (optional workflow checks), and the GitHub CLI (gh). The lack of declared runtime dependencies is an inconsistency (likely sloppy/omission rather than malicious) but worth flagging.
Instruction Scope
Runtime instructions stay within the expected scope: they run git status/diff/add/commit/push, may run a repository-local workflow check script or `npm run workflow:check`, and use `gh pr create` to create/update PRs. The steps include sensible safeguards (avoid git add . by default, block commits if review failed, disallow direct push to main/master). The instructions do not request unrelated system files or exfiltrate data to unknown endpoints; external network activity is limited to standard Git/GitHub operations.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so there is no installer or downloaded code to evaluate. That lowers install-time risk. The risk is therefore operational (it will execute local git/gh commands) rather than an install-time risk.
Credentials
The skill declares no required environment variables or primary credential, but it implicitly depends on local git credentials and GitHub authentication for `git push` and `gh pr create`, and possibly on npm for repo checks. The omission means the skill will rely on whatever credentials are present in the agent environment (SSH keys, saved git creds, or GH CLI auth). That lack of explicit declaration is a proportionality/information problem: users may not realize the skill will exercise existing credentials with push/PR privileges.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not modify other skills or system-wide settings. It requires the usual runtime permission to run git/gh commands in the repository context; autonomous invocation is allowed by default but is not itself flagged here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install peter-commit-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/peter-commit-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
- 新增完整执行流程和适用场景文档,详细说明 peter-commit-ops 的功能与护栏规范。
- 明确支持从“可提交”改动自动完成 commit、推送分支、创建/汇报 PR 的串行自动化。
- 增加多步前置检查(如工作区是否有变更、审查门禁、分支策略)和风险高亮输出。
- 明确输出标准与失败/阻塞场景的提示方式。
- 巩固与 peter-code-review、peter-ci-gate、peter-pr-ops 的衔接流程与交接规范。
元数据
常见问题
Peter Commit Ops 是什么?
提交与建 PR 桥接自动化。负责将“可提交”改动落成 commit、推送分支并创建 PR,衔接 peter-code-review 与 peter-pr-ops。用于用户提到“帮我提交”“推分支”“创建 PR”“从 review 到 merge 串起来”等场景。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 407 次。
如何安装 Peter Commit Ops?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install peter-commit-ops」即可一键安装,无需额外配置。
Peter Commit Ops 是免费的吗?
是的,Peter Commit Ops 完全免费(开源免费),可自由下载、安装和使用。
Peter Commit Ops 支持哪些平台?
Peter Commit Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Peter Commit Ops?
由 chinasilva(@chinasilva)开发并维护,当前版本 v1.1.0。
推荐 Skills