Repo Analyzer

Author: Don-GBot · GitHub ↗ · v1.2.0
Platform: cross-platform · Status: ⚠ suspicious
Total downloads: 1176 · Favorites: 0 · Current installs: 7 · Versions: 3
Install in OpenClaw: /install repo-analyzer

Description
GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project...
Safe usage advice

This skill implements a plausible GitHub repo analyzer, but there are notable red flags you should consider before installing or running it:
- Credential handling: The skill expects a GITHUB_TOKEN but the registry metadata does not declare it; SKILL.md even tells you to source ~/.bashrc or grep it out of that file. Do NOT store or extract long-lived tokens from shell rc files for third-party tools. Prefer providing a token via the --token flag or a short-lived token with minimal scopes.
- Local file access: The documentation instructs reading ~/.bashrc; that is a direct local file read that could expose other secrets if you follow the provided commands. Avoid running those exact source/grep commands unless you understand what they'll reveal.
- Child process execution: The code executes external CLIs (bird, gh) using child_process.execSync and forwards environment variables. If you run the skill and those CLIs are present (or replaced by malicious binaries), your environment (including tokens) could be exposed. Only run in an isolated environment or confirm the CLIs are trustworthy.
- Auto-triggering on pasted tweets: The skill will attempt to fetch tweet content automatically and include it in reports. If you paste a private or sensitive URL, the skill may fetch and include that text in outputs.
- Mitigations: Inspect the full analyze.js file locally, run the tool in an isolated container/VM, use a minimal-scope GitHub PAT (or a read-only token), avoid storing tokens in ~/.bashrc, and do not allow the skill to auto-run on arbitrary pasted content. If you need higher assurance, ask the author for clearer metadata (declare the GITHUB_TOKEN requirement) and for an option to disable invoking external CLIs or auto-triggering on tweets.
Functional analysis

Type: OpenClaw Skill
Name: repo-analyzer
Version: 1.2.0

The skill is classified as suspicious due to a prompt injection vulnerability in `SKILL.md` and the use of powerful `child_process.execSync` calls in `scripts/analyze.js`. The `SKILL.md` explicitly instructs the AI agent to read the user's `~/.bashrc` file to extract a `GITHUB_TOKEN` (`GITHUB_TOKEN="$(grep GITHUB_TOKEN ~/.bashrc | cut -d'"' -f2)"`). While intended to provide the skill with a necessary token, this is a direct instruction for sensitive local file access, which constitutes a prompt injection vulnerability. Additionally, `scripts/analyze.js` uses `execSync` to run external CLI tools (`bird` and `yara`), a powerful capability that, while currently used for legitimate security analysis, could pose a shell injection risk if not perfectly sanitized or if the external tools themselves were compromised.

Capability assessment
Purpose & Capability
The README/SKILL.md clearly describes a GitHub repo trust scorer, and the bundled scripts implement that. However, the skill declares no required environment variables while the docs state 'CRITICAL: Always run with GITHUB_TOKEN loaded' and the code uses process.env.GITHUB_TOKEN. The SKILL.md also claims 'zero external dependencies', but the runtime optionally invokes external CLIs (bird, gh) and the code expects Node.js 18+. There is a version mismatch (registry metadata 1.2.0 vs package.json 1.1.1). These mismatches (missing declared env, undeclared external CLI reliance) are disproportionate to the stated metadata and reduce coherence.
Instruction Scope
SKILL.md explicitly instructs sourcing ~/.bashrc and even gives a grep snippet to extract GITHUB_TOKEN from that file — that directs the agent/user to read a local shell config file containing secrets. The skill also auto-triggers on pasted X/Twitter URLs and instructs the agent to 'ALWAYS include the tweet text/context', and the code will try to read tweets via a local 'bird' CLI or public syndication endpoints. The instructions therefore request local secrets and run shell commands to fetch external content; this goes beyond simply calling the GitHub API to analyze a repo and grants broad discretion to access local files and run arbitrary CLIs.
Install Mechanism
There is no install spec (instruction-only at registry level) but the package bundle contains multiple scripts and supporting files. No external downloads or archive extraction are used — code is present in the skill bundle. That keeps the install risk low, but the presence of runnable scripts means installing/executing them will run code on the host.
Credentials
The skill requests no env vars in metadata but both SKILL.md and scripts expect GITHUB_TOKEN for full functionality. Moreover, the SKILL.md instructs users to source ~/.bashrc and extract the token from there. The code executes external CLIs via child_process.execSync while passing process.env, so any invoked CLI (bird, gh, etc.) would receive the agent's environment including secrets. Requiring an unrestricted PAT without guidance on minimal scopes and instructing reading ~/.bashrc is disproportionate and potentially exposes sensitive credentials.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It is user-invocable and can be invoked autonomously (disable-model-invocation:false), which is normal and not by itself a red flag. Auto-trigger behavior on pasted X/Twitter URLs is a functional choice but increases privacy exposure (tweet text and extracted links will be fetched).
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install repo-analyzer
  3. After installation, call the Skill by name directly or trigger it with /repo-analyzer
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.2.0
Scoring improvements: (1) New-repo hard caps now scale with hygiene signals — repos with tests, CI, license, security policy, docs can break through the 55 cap. (2) Suspicious account penalty reduced when repo has strong hygiene (4+ signals). (3) High commit frequency warning disabled for repos <7 days old. (4) Agent safety PASS raises cap ceiling for new repos. (5) Added crypto/DeFi domain allowlist: DEX APIs (DexScreener, Jupiter, Uniswap, Raydium, etc), launchpads (Virtuals, Clanker, Bankr, pump.fun, Doppler, Flaunch), social proxies (fxtwitter, nitter), sports data (ESPN, NBA), odds APIs, and funding links (Patreon, OpenCollective).
v1.1.1
Remove test artifacts, add .gitignore, clean package
v1.1.0
Trust scoring, batch scan, X/Twitter auto-extract, improved scoring weights
Metadata
Slug: repo-analyzer
Version: 1.2.0
License: (not listed)
Cumulative installs: 8
Current installs: 7
Versions released: 3
FAQ

What is Repo Analyzer?

GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1176 cumulative downloads so far.

How do I install Repo Analyzer?

Run the command "/install repo-analyzer" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Repo Analyzer free?

Yes, Repo Analyzer is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does Repo Analyzer support?

Repo Analyzer is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Repo Analyzer?

Developed and maintained by Don-GBot (@don-gbot); the current version is v1.2.0.