52yuanchangxing

Repo Onboarding Guide

Author: vx:17605205782 · GitHub · v1.0.0 · MIT-0
darwin · linux · win32 · ⚠ suspicious
Total downloads: 105
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install repo-onboarding-guide
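Description
Scans the repository directory and documentation files to generate an onboarding path for new members, a recommended reading order, and pitfall reminders; use for repo, onboarding, developer-experience workflows; do not use for leaking private source code to external parties or executing build commands.
Security usage recommendations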
This skill appears to do what it says (produce onboarding reports) and only needs python3, but there is a notable mismatch: docs claim it only inspects directory/file names while the script actually reads file contents (Markdown, code, CSV) and pattern-scans for secrets. Before installing or running:
  1. Review scripts/run.py yourself (it's bundled) and confirm you are comfortable with it reading repository files.
  2. Do not run it against repositories containing secrets or private data unless you are prepared to review/strip outputs first.
  3. Run in a sandbox or with --dry-run and inspect generated output before sharing externally.
  4. If you require stricter guarantees (e.g., only filenames), request or implement a version that limits reads to file metadata only.
  5. If you plan to allow autonomous invocation, be aware that an agent could run the script on any repository it has access to; restrict skill usage or add explicit checks to avoid accidental data leakage.
Functional analysis
Type: OpenClaw Skill
Name: repo-onboarding-guide
Version: 1.0.0
The skill bundle is a repository analysis tool designed to generate onboarding guides by scanning local file structures and documentation. The core logic in `scripts/run.py` performs read-only operations, including a security-focused feature that uses regex to detect (but not execute) risky patterns like hardcoded secrets or 'curl|bash' commands in the target repository. The instructions in `SKILL.md` and `README.md` are well-defined, explicitly prohibiting data exfiltration and unauthorized command execution, and the code contains no network activity, obfuscation, or persistence mechanisms.
Capability assessment
Purpose & Capability
Name/description, required binary (python3), and included files align with a repo-audit/onboarding generator. However SKILL.md and README emphasize a safety boundary '默认只读目录与文件名' (only read filenames), while scripts/run.py clearly reads file contents (Markdown, source files, CSVs) to build reports and pattern matches. This is an internal inconsistency between claimed safe scope and actual capability.
Instruction Scope
Runtime instructions permit executing the local script (python3 scripts/run.py ...) and instruct the agent to produce structured outputs. The SKILL.md warns not to leak private source and not to run builds, but it still permits running the script which will read full file contents and pattern-scan for secrets. There is no automated safeguard preventing the agent from including sensitive content in outputs — the skill relies on the operator to sanitize.
Install Mechanism
No external install step or downloads. The skill is instruction-only with an included Python script; nothing pulls code from remote URLs or executes installers. This is low-risk from supply-chain/install perspective.
Credentials
No environment variables or credentials are requested. The skill does read files from a supplied directory (including source files), which is necessary for the stated purpose, but this increases the chance of accidental exposure of secrets present in the repository.
Persistence & Privilege
always=false and no special privileges requested. The skill does not attempt to modify other skill configs or system-wide settings. It can be executed locally; autonomy (model invocation) is enabled by default but not unusual — note that autonomous execution combined with the ability to read repo files increases blast radius if misused.
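How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install repo-onboarding-guide
  3. Once installation completes, call the Skill by name or trigger it with /repo-onboarding-guide
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history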
v1.0.0
Initial release of repo-onboarding-guide.
- Scans repository directories and documentation to generate onboarding guides for new members.
- Produces reading order recommendations, onboarding paths, and common pitfalls.
- Includes strict boundaries: does not leak private code, execute build commands, or perform external write actions.
- Structured outputs: repository overview, key folders, preparation steps, and documentation suggestions.
- Supports dry-run/audit mode and adds explicit boundaries for privacy, risk, and compliance.
Metadata
Slug: repo-onboarding-guide
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 1
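FAQ

What is Repo Onboarding Guide?

Scans the repository directory and documentation files to generate an onboarding path for new members, a recommended reading order, and pitfall reminders; use for repo, onboarding, developer-experience workflows; do not use for leaking private source code to external parties or executing build commands. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 105 total downloads to date.

How do I install Repo Onboarding Guide?

Run the command "/install repo-onboarding-guide" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Repo Onboarding Guide free?

Yes. Repo Onboarding Guide is completely free and uses the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Repo Onboarding Guide support?

Repo Onboarding Guide runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed Repo Onboarding Guide?

Developed and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.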
