shunsukehayashi

Prompt Request Pipeline

Author: Shunsuke Hayashi · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 536
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install prompt-request
Description
GitHub Issue → auto-implement → PR → review → auto-merge pipeline. Write an Issue with [auto] tag, and the pipeline handles everything: task analysis, implem...
Security usage advice
This skill will automatically clone repositories, modify code, commit, push, create PRs, review, and merge, so before installing:
  1. Recognize that the SKILL.md assumes GitHub CLI auth, SSH write access, and an OpenClaw webhook token/endpoint even though the skill metadata lists no required credentials; treat those as required and only grant minimal-scoped credentials (deploy key or fine-scoped PAT) on a test repo first.
  2. The message template sets allowUnsafeExternalContent=true and delivers to an external channel (telegram); avoid exposing secrets in what the agent posts and restrict destination channels.
  3. The instructions say 'MUST execute'; prefer adding a mandatory manual-approval step (or a staging repository) to prevent unintended writes.
  4. Test thoroughly in a sandbox repository with limited access and CI protections enabled (branch protection rules, required reviews) before enabling on real repos.
  5. Consider removing or auditing any references that let the agent read other skills/agent files if those repositories may contain secrets.
If you want, provide the maintainer contact or a provenance/source URL; lack of a homepage/source reduces transparency and increases risk.
Functional analysis
Type: OpenClaw Skill
Name: prompt-request
Version: 1.0.0
This skill bundle is highly suspicious due to multiple severe vulnerabilities that enable remote code execution (RCE) and data exfiltration. The `openclaw.json` configuration (referenced in `SKILL.md` and `examples/sample-hook-config.json`) explicitly sets `allowUnsafeExternalContent: true`, which significantly lowers security barriers. The `templates/messageTemplate.txt` contains direct `exec()` calls with interpolated user-controlled variables (e.g., `OMEGA_BRIDGE_PATH`, `{{issue.number}}`), creating shell injection and RCE risks. Furthermore, the agent is instructed to read and follow external markdown files (e.g., `AGENTS.md`, `SOUL.md`, `SKILL.md`) from the repository itself, and to 'implement each meaningful task' from the issue body, providing extensive prompt injection surfaces. The agent is also instructed to 'Run existing tests' and automatically merge PRs based on its own review, which can be bypassed by a malicious actor to introduce and merge harmful code.
Capability assessment
Purpose & Capability
The skill claims to automate GitHub workflows and the runtime instructions do exactly that (clone, branch, edit, commit, push, create PR, review, merge). However the SKILL metadata declares no required credentials or config, while the doc explicitly requires GitHub CLI authentication, SSH write access, an OpenClaw hooks token/endpoint, and a webhook — this mismatch between declared requirements and actual needs is incoherent and materially important.
Instruction Scope
The SKILL.md instructs the agent to perform potentially destructive repository actions (clone repos, run tests, edit code, commit, push, create PRs, and auto-merge) and to read arbitrary files inside the repo (other agents' AGENTS.md, other skills' SKILL.md). It also contains forceful 'You MUST execute' wording that removes human-in-the-loop discretion. Those actions are within the stated purpose but grant broad write/read access to repository contents and could produce unintended changes if misconfigured.
Install Mechanism
No install spec or external binary downloads are included in the skill bundle (instruction-only). That minimizes supply-chain risk from the skill package itself.
Credentials
The runtime requires sensitive capabilities (GitHub CLI auth and SSH push rights, webhook secret for OpenClaw, access to a working directory where repos are cloned) but the skill metadata lists no required environment variables or primary credential. The messageTemplate also sets allowUnsafeExternalContent=true and sends output to an external channel (telegram). These implicit/undeclared requirements and permissive delivery settings increase risk and are disproportionate to what the package declares.
Persistence & Privilege
The skill is not marked always:true and doesn't request persistent platform privileges, but it instructs autonomous modification of external repositories (push/PR/merge) when invoked. Autonomous invocation combined with the above undeclared credential assumptions raises operational risk — consider restricting invocation scope and requiring manual approvals.
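How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install prompt-request
  3. Once installation completes, call the Skill by name or trigger it with /prompt-request
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history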
v1.0.0
Initial release: GitHub Issue to auto-implement PR pipeline with early-exit optimization, progress comments, and auto-merge
Metadata
Slug prompt-request
Version 1.0.0
License
Total installs 1
Current installs 1
Number of versions 1
FAQ

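What is Prompt Request Pipeline?

GitHub Issue → auto-implement → PR → review → auto-merge pipeline. Write an Issue with [auto] tag, and the pipeline handles everything: task analysis, implem... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 536 total downloads to date.

How do I install Prompt Request Pipeline?

Run the command "/install prompt-request" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Prompt Request Pipeline free?

Yes, Prompt Request Pipeline is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Prompt Request Pipeline support?

Prompt Request Pipeline runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Prompt Request Pipeline?

It is developed and maintained by Shunsuke Hayashi (@shunsukehayashi); the current version is v1.0.0.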
