← 返回 Skills 市场
broedkrummen

Repo Onboarding

作者 Broedkrummen · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
420
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install repo-onboarding
功能描述
Onboard a repo by assessing architecture and dependencies, setting up roadmap and kanban for execution, and generating a comprehensive onboarding report.
安全使用建议
This skill tells your agent to run Python/bash scripts that are not included and are referenced by absolute paths in another user's home directory — those scripts could execute anything on your machine. Before installing or running: (1) inspect the exact scripts referenced (/home/.../senior-architect and repo-kanban-pm) to confirm their safe behavior; (2) ensure the scripts exist in a trusted location (prefer relative paths inside the repo or bundle the scripts with the skill); (3) require and document needed binaries (python, bash) and any env vars those scripts need; (4) do not run the add_daily_pm_cron.sh step until you review what it writes to crontab; (5) run first in an isolated environment or CI job with limited privileges. If you cannot review the referenced scripts, treat this skill as untrusted.
功能分析
Type: OpenClaw Skill Name: repo-onboarding Version: 0.1.0 The skill bundle is classified as suspicious primarily due to the instruction in `SKILL.md` to execute `add_daily_pm_cron.sh`, which creates a cron job. While presented as an 'Optional daily PM audit', the ability to establish persistence via cron is a high-risk capability. This action, even if intended for a legitimate purpose, introduces a significant vulnerability risk if the underlying script or the agent's interpretation could be exploited for unauthorized execution or persistence. The skill also relies on executing other external scripts from absolute paths within the OpenClaw workspace, making its security dependent on those external components.
能力评估
Purpose & Capability
The skill claims to onboard repos, which is reasonable, but its instructions depend on other skills' scripts located at hard-coded absolute paths (/home/broedkrummen/.openclaw/.../senior-architect and repo-kanban-pm). Those scripts are not included in the package, and the skill declares no required binaries (e.g., python, bash). Requiring external, undisclosed scripts at specific user-home paths is disproportionate to the stated purpose and breaks expected packaging assumptions.
Instruction Scope
Runtime instructions tell the agent to execute Python and bash scripts outside the repository (absolute user-home paths) and to write files into the repo. This gives the skill the ability to run arbitrary code on the host. The optional cron-install step (add_daily_pm_cron.sh) further modifies system state. The SKILL.md does not provide fallbacks that safely limit execution (it only suggests a manual fallback if scripts fail).
Install Mechanism
There is no install spec (instruction-only), which minimizes package installation risk. However, the lack of bundled code combined with instructions to run external scripts means the skill assumes presence of other local skills/files. That mismatch elevates risk despite the absence of an install step.
Credentials
The skill declares no required environment variables, yet it invokes Python and Bash scripts that may themselves require secrets or service tokens. The SKILL.md does not document expected environment inputs for the referenced scripts. Additionally, the optional cron command accepts an --agent argument ("cody") which could implicitly reference agent tooling or credentials not disclosed.
Persistence & Privilege
always:false (good), but the instructions include an optional script to add a daily cron job which would create persistent system behavior outside the repo. Because the skill can cause persistent changes (crontab) and execute arbitrary external scripts, it demands careful review before use.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install repo-onboarding
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /repo-onboarding 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: combines architecture intake and repo kanban PM onboarding workflow.
元数据
Slug repo-onboarding
版本 0.1.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Repo Onboarding 是什么?

Onboard a repo by assessing architecture and dependencies, setting up roadmap and kanban for execution, and generating a comprehensive onboarding report. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 420 次。

如何安装 Repo Onboarding?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install repo-onboarding」即可一键安装,无需额外配置。

Repo Onboarding 是免费的吗?

是的,Repo Onboarding 完全免费(开源免费),可自由下载、安装和使用。

Repo Onboarding 支持哪些平台?

Repo Onboarding 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Repo Onboarding?

由 Broedkrummen(@broedkrummen)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论