Repo Guardian
Author: Corbin Breton · v1.4.1 · MIT-0
Total downloads: 212
Favorites: 0
Current installs: 1
Versions: 9
Install in OpenClaw
/install repo-guardian
Description
Automated GitHub PR review governance and repository maintenance automation. Use when reviewing pull requests with dual-model consensus, enforcing merge gate...
Security usage recommendations
This skill appears to do what it says, but before installing:
1) Use a fine-grained GH token scoped only to the repository, and grant write permissions only if you enable auto-merge; leave write/remove scopes off if you only want review.
2) Be aware that PR diffs and filenames are sent to whichever model providers your OpenClaw agents use; confirm those providers and their retention and data-handling policies.
3) Test in dry-run mode and/or set GUARDIAN_AUTO_MERGE=false initially; use the 'skip-guardian' label on sensitive PRs.
4) Ensure the configured agent names (GUARDIAN_AGENT / GUARDIAN_REVIEWER_B_AGENT) map to trusted agent configurations so reviews go to the intended models.
If you want further assurance, request the full (non-truncated) guardian.sh to review any truncated portions or to audit its complete merge/comment payload construction.
Functional analysis
Type: OpenClaw Skill
Name: repo-guardian
Version: 1.4.1
The repo-guardian skill is a legitimate automation tool for GitHub PR reviews and repository maintenance. The bash script (scripts/guardian.sh) implements a dual-model consensus logic by dispatching PR diffs to AI agents via the OpenClaw CLI and performing actions based on their JSON verdicts. It demonstrates good security practices, such as using Python for safe JSON serialization of API payloads to prevent injection and explicitly warning users about GH_TOKEN scope management.
Capability assessment
Purpose & Capability
The skill's name/description (automatic PR review, dual-model consensus, auto-merge, triage) aligns with what it requires: GH_TOKEN for GitHub API access, agent names to dispatch reviews, auto-merge/auto-fix and max limits. Required binaries (openclaw, python3, curl) are used by the included shell script and are appropriate.
Instruction Scope
SKILL.md and scripts explicitly fetch PR metadata, diffs and file lists and send them in prompts to configured OpenClaw agents for review (diffs truncated to 500 lines). That behavior is expected for this skill but is a privacy/data-exposure vector: repository code from open PRs will be transmitted to whatever model providers your agents are configured to use. The script avoids leaking GH_TOKEN into prompts and truncates large diffs; it also honors a 'skip-guardian' label. These protections are reasonable but you should confirm your model endpoints and retention policies.
Install Mechanism
No install spec (instruction-only plus included script). Nothing is downloaded or written by an installer; the runtime uses existing binaries. This is low-install-risk.
Credentials
Required environment variables are configuration flags and the GH_TOKEN credential needed to call the GitHub API. No unrelated credentials are requested. The documentation recommends limited scopes and differentiates read-only vs write for auto-merge—appropriate and proportionate.
Persistence & Privilege
The skill is user-invocable, not always-on. It can autonomously invoke models (platform default) and perform merges/comments when given a token and enabled flags; this matches the declared functionality. It does not request persistent elevated platform privileges or modify other skills' configs.
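How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install repo-guardian
- After installation, invoke the skill by name or trigger it with /repo-guardian
- Provide the required inputs according to the skill's parameter documentation to get structured output.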
Version history
v1.4.1
- Added required environment variables to metadata: GUARDIAN_AGENT, GUARDIAN_REVIEWER_B_AGENT, GUARDIAN_REPO, GUARDIAN_AUTO_MERGE, GUARDIAN_AUTO_FIX, GUARDIAN_MAX_PRS, GUARDIAN_MAX_ISSUES.
- Included 'openclaw' as a required bin in metadata.
- Updated documentation to reflect these additional required environment variables.
- No behavioral or logic changes to review or triage flow.
v1.4.0
Version 1.4.0 of repo-guardian
- Added OpenClaw-compatible metadata, including required environment variables (`GH_TOKEN`) and dependencies (`gh`, `python3`, `curl`).
- Introduced a `homepage` field for quick reference and skill discovery.
- Improved documentation by clarifying that the skill works on any GitHub repository.
- Updated skill boundaries and requirements for better clarity and OpenClaw integration.
- Version bump from 1.3.1 to 1.4.0.
v1.3.1
repo-guardian 1.3.1
- Added support for configuring Reviewer A and Reviewer B agents via new environment variables (`GUARDIAN_AGENT` and `GUARDIAN_REVIEWER_B_AGENT`).
- Updated documentation to clarify agent configuration and default selection for cross-model review.
- Cron job documentation now uses a generic `<your-agent-name>` placeholder for improved clarity.
v1.3.0
Repo Guardian 1.3.0
- Clarified environment variable requirements: `GH_TOKEN` must be set explicitly; the script no longer falls back to `gh auth token`.
- Updated documentation in SKILL.md to emphasize required environment variables and binaries.
- Minor adjustments to requirements and usage sections for improved clarity and safety.
- No functional changes to review workflow or core automation; changes are documentation and configuration-focused.
v1.2.1
- Added openclaw as a required binary in skill requirements.
- Bumped version to 1.2.1 in the skill manifest.
- No functional or logic changes to the skill's behavior.
v1.2.0
Version 1.2.0 — Data Privacy & Requirements Improvements
- Added an explicit privacy/disclosure section detailing how repository code is transmitted to model providers, with clarification on diff truncation and token use.
- Declared required environment variables and binaries in SKILL.md under a new `requires` field.
- Updated token scope recommendations for improved least-privilege security.
- Minor clarifications on data flow, privacy, and restrictions in documentation.
- No core logic or functionality changes to the review or triage flow.
v1.1.0
Added structured trace logging (P4) for review run audit trails — tracks PR outcomes, model agreement rate, and anomalies
v1.0.1
Extend safety section: credential handling, auto-merge opt-in, audit trail, repo scope constraints
v1.0.0
Initial publish
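FAQ
What is Repo Guardian?
Automated GitHub PR review governance and repository maintenance automation. Use when reviewing pull requests with dual-model consensus, enforcing merge gate... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 212 cumulative downloads to date.
How do I install Repo Guardian?
Run the command "/install repo-guardian" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Repo Guardian free?
Yes, Repo Guardian is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Repo Guardian support?
Repo Guardian is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Repo Guardian?
It is developed and maintained by Corbin Breton (@corbin-breton); the current version is v1.4.1.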