← 返回 Skills 市场
glucksberg

Pr Ship

作者 Glucksberg · GitHub ↗ · v1.0.13
cross-platform ⚠ suspicious
861
总下载
0
收藏
2
当前安装
20
版本数
在 OpenClaw 中安装
/install pr-ship
功能描述
Pre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each findi...
安全使用建议
What to check before installing or running this skill: - Review scripts/test-update-pipeline.sh line-by-line. It contains hardcoded paths (/home/dev/.openclaw/skills/pr-ship, $HOME/.openclaw/cron/jobs.json) and will read local cron config and git metadata — ensure those checks are acceptable for your environment. - The SKILL.md and playbook assume many command-line tools (git, grep, sed, node, jq, python3, pnpm, clawhub). The skill does not declare these; make sure your environment provides them and consider running in a sandbox or a dedicated dev container. - The skill's update flow (clawhub update, cron-driven CURRENT-CONTEXT.md refresh) will perform network git operations (git fetch upstream). Confirm the remote origins are trustworthy and that no credentials will be accidentally exposed or used for unintended pushes. - If you plan to enable automated updates (cron/clawhub), run the update script manually first in a safe environment and verify it does not perform unexpected writes or network pushes (the test script explicitly warns cron should not run git push or clawhub publish automatically). - The skill is coherent with its stated purpose, but because it touches system files and assumes an update pipeline, treat it as potentially impactful: run reviews locally, verify remote provenance (the package.json points to a GitHub repo), and avoid enabling automatic cron updates until you confirm the workflow and remotes. If you want, I can extract the specific lines from the script that read host paths and network operations, or produce a short checklist of commands to run locally to validate behavior safely.
功能分析
Type: OpenClaw Skill Name: pr-ship Version: 1.0.13 The skill is designed for local codebase analysis using explicitly read-only commands (`grep`, `find`, `ls`, `git diff`). The `SKILL.md` and `EXPLORATION-PLAYBOOK.md` contain strong guardrails, explicitly instructing the AI agent *not* to execute commands that modify files or perform build/test actions, but only to recommend them to the user. The `scripts/test-update-pipeline.sh` script, while using more powerful commands, is for testing the skill's update mechanism and includes checks that *prevent* automated `git push` or `clawhub publish` in the cron job. A 'Security Notice' in `SKILL.md` warns users about potential secret exposure in generated reports, which is a transparency measure, not an instruction for malicious exfiltration. No evidence of intentional harmful behavior (e.g., data exfiltration, persistence, unauthorized remote control) was found.
能力评估
Purpose & Capability
The skill's name, README and SKILL.md describe exactly the claimed capability (diff current branch vs main, run grep/find/git-based investigations, produce a risk report) and the included reference docs support that. However, package metadata and the provided test/update script expect additional host tooling (node, jq, python3, git) and specific local paths (/home/dev/.openclaw/..., $HOME/.openclaw/cron/jobs.json). Those tool/path assumptions are not declared in the skill's requirements, which is an incoherence to be aware of.
Instruction Scope
Most runtime instructions stay inside the OpenClaw repository (git diff, grep, find, reading references/). That matches the stated constraint 'for the OpenClaw repository only'. But the included scripts (scripts/test-update-pipeline.sh) also read and validate files outside the repo (cron jobs JSON in $HOME, /home/dev openclaw paths), check git remote URLs and fetch upstream — which extends scope beyond the repo and may perform network operations. The SKILL.md itself doesn't clearly warn that auxiliary scripts touch system configuration and expect cron update behavior.
Install Mechanism
No install specification (instruction-only) — lowest install risk. The only shipped executable artifact is a bash script intended for the update/validation pipeline; nothing is downloaded or extracted at install time. Still, that script is designed to be run by a host environment (cron) and performs read/write checks on host paths.
Credentials
The skill declares no required env vars or primary credentials, which fits a repo-local reviewer tool. In practice it implicitly requires several host tools (git, grep/sed, node, jq, python3, pnpm, clawhub) and may attempt network git operations (git fetch upstream). If the user's OpenClaw checkout or upstream remotes are private, git network actions could require credentials. The skill does not declare these binary/credential expectations.
Persistence & Privilege
always:false (good). However, the repo includes a script and textual guidance for a cron/update pipeline that modifies references/CURRENT-CONTEXT.md and expects periodic 'clawhub update' and local cron job orchestration. That design implies an intended persistent update mechanism (daily metadata refresh) which will write files on disk and run git operations — a non-trivial system interaction beyond one-off repo analysis. The skill itself does not require always:true, but the presence of scripts that assume cron/updater privileges elevates the surface to review carefully before enabling automated runs.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pr-ship
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pr-ship 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.13
Auto-updated: 2026.3.3 additional fixes (auth labels, Discord mega-wave, exec heartbeat routing, compaction continuity, session startup date grounding)
v1.0.10
- Updated package version to 1.0.10. - Refreshed references/CURRENT-CONTEXT.md with latest OpenClaw version context. - No changes to core workflow or feature set.
v1.0.7
Fix metadata mismatch, remove auto-publish, add user verification commands
v1.0.6
test
v1.0.5
Provenance metadata, GitHub source repo, homepage, security notice
v1.0.4
Updated CURRENT-CONTEXT for upstream sync
v1.1.0
Add VISION-GUIDELINES.md reference layer: contribution policy, merge guardrails, plugin/core boundary, security philosophy, will-not-merge list from OpenClaw VISION.md. Updated SKILL.md workflow to evaluate PRs against vision guidelines.
v1.0.3
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.26
v1.0.2
CURRENT-CONTEXT updated for OpenClaw v2026.2.26 (External Secrets, Security Hardening, ACP Thread-bound agents, Routing CLI)
v1.0.1
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.25
v1.0.9
Auto-update: CURRENT-CONTEXT.md refreshed from CHANGELOG v2026.2.22
v2.0.3
Consistency pass: remove generic fallback logic (skill is OpenClaw-only), simplify workflow to always diff against main, clarify scope and constraints
v2.0.2
Fix: clarify exploration commands are read-only. Build/test/codegen commands are recommended to the user, never executed by the agent. Resolves suspicious classification from code insights.
v2.0.1
Add update frequency notice to description and overview
v2.0.0
v2.0: Dynamic exploration + layered architecture. Replaces monolithic DEVELOPER-REFERENCE.md with 4 layers: STABLE-PRINCIPLES, ARCHITECTURE-MAP, CURRENT-CONTEXT (auto-updated), EXPLORATION-PLAYBOOK.
v0.3.0
Add 🟢 Low Risk severity level (1-2) for minor observations safe to ship. Three-tier scale: 🟢 low / 🟡 attention / 🔴 high.
v0.2.2
Add credit to mudrii (https://github.com/mudrii) for DEVELOPER-REFERENCE.md methodology
v0.2.1
Clarify scope: OpenClaw-specific skill using OpenClaw DEVELOPER-REFERENCE.md guidelines
v0.2.0
Rewritten description for clarity and truncation-friendliness
v0.1.0
Initial release: diff-vs-main PR shipping report with guideline-based findings and per-item alert scoring.
元数据
Slug pr-ship
版本 1.0.13
许可证
累计安装 3
当前安装数 2
历史版本数 20
常见问题

Pr Ship 是什么?

Pre-ship risk report for OpenClaw PRs. Dynamically explores the codebase to assess module risk, blast radius, and version-specific gotchas. Scores each findi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 861 次。

如何安装 Pr Ship?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pr-ship」即可一键安装,无需额外配置。

Pr Ship 是免费的吗?

是的,Pr Ship 完全免费(开源免费),可自由下载、安装和使用。

Pr Ship 支持哪些平台?

Pr Ship 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pr Ship?

由 Glucksberg(@glucksberg)开发并维护,当前版本 v1.0.13。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论