← 返回 Skills 市场
135
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install repo-research
功能描述
GitHub 仓库深度研究与整合分析工具。支持单个/多个仓库研究、与本地项目对比分析、启发式整合建议。支持主题驱动搜索模式:自动搜索相关仓库、克隆、分析并生成报告。克隆远程仓库到本地 research/ 目录,进行深度代码分析、架构评估、依赖解析,并生成结构化研究报告。触发条件:用户提供 GitHub URL 请...
安全使用建议
This skill appears to do what it claims: clone GitHub repositories, analyze their code, and produce reports. Before running it, consider the following: (1) It assumes git and Python (python3) are available though these are not declared — ensure those binaries exist. (2) It will create directories and clone code into the configured output_dir (defaults to ./research or your current working directory) — run it from a directory where writing/cloning is safe, or set output_dir to a sandbox. (3) If you use the 'compare with local path' mode, the skill will read arbitrary local files at the path you provide — only supply directories you trust. (4) The skill may call platform commands like /skill-manager or /find-skills when using theme search; those commands are platform-specific and may prompt additional installs. (5) Review scripts/security.py (included) to understand what the built-in security checks look for. (6) As a general precaution, do not execute code from cloned repositories; the skill appears to analyze files but not run repository code — still review before running anything from the cloned repos. If you want stricter assurance, run the skill in an isolated environment (container or VM) and inspect scripts/security.py and scripts/* for any unexpected subprocess invocations before use.
功能分析
Type: OpenClaw Skill
Name: repo-research
Version: 0.7.0
The repo-research skill bundle is a comprehensive tool for automated GitHub repository analysis, including architectural mapping, code quality metrics, and security auditing. The bundle contains several specialized Python scripts (architecture.py, quality.py, security.py) that perform static analysis on cloned repositories to generate detailed research reports. Notably, the security module (scripts/security.py) implements extensive regex-based detection for common vulnerabilities, hardcoded secrets, and prompt injection attacks in target repositories. The tool's behavior, including its dependency management and configuration logic (scripts/config.py), is transparently documented and aligns strictly with its stated purpose of providing project insights and security evaluations.
能力评估
Purpose & Capability
Name/description match the code and instructions: it clones GitHub repos, analyzes code, and produces reports. However the SKILL.md assumes runtimes/commands (git, python3, /skill-manager, /find-skills) that are not declared in the skill's required binaries list — a small coherence gap: the skill will realistically require git and Python to be present.
Instruction Scope
Runtime instructions explicitly clone remote repositories into an output directory and read repository files for analysis (README, package files, source). The skill also supports a mode that compares remote repos with a user-supplied local path (which will read local files). Those behaviours are expected for this purpose but grant the skill broad read/write access to the agent's current working directory and any local path the user provides. SKILL.md also instructs possibly installing and calling the find-skills skill via platform commands (e.g., /skill-manager), which may not exist on all hosts.
Install Mechanism
No install spec is included and the package is instruction + script files only. Nothing is downloaded from arbitrary URLs during install. This is lower-risk than remote-download installers. The SKILL.md does instruct invoking platform-specific managers to install an optional dependency (find-skills) if the user requests theme search.
Credentials
The skill does not request any environment variables, secrets, or external credentials. The config system supports environment-variable overrides for output_dir and clone depth which is reasonable. The security module is designed to scan repositories for sensitive-file references (e.g., ~/.ssh, ~/.aws) but that is analysis of cloned repos rather than requesting credentials itself.
Persistence & Privilege
always is false and the skill does not request permanent inclusion. It writes analysis output and cloned repositories into a configurable output directory (defaults to ./research or as configured). This file-system write/read behaviour is expected for the stated purpose and does not modify other skills or global agent configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install repo-research - 安装完成后,直接呼叫该 Skill 的名称或使用
/repo-research触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.7.0
GitHub 仓库深度研究与整合分析工具
元数据
常见问题
Repo Research 是什么?
GitHub 仓库深度研究与整合分析工具。支持单个/多个仓库研究、与本地项目对比分析、启发式整合建议。支持主题驱动搜索模式:自动搜索相关仓库、克隆、分析并生成报告。克隆远程仓库到本地 research/ 目录,进行深度代码分析、架构评估、依赖解析,并生成结构化研究报告。触发条件:用户提供 GitHub URL 请... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 135 次。
如何安装 Repo Research?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install repo-research」即可一键安装,无需额外配置。
Repo Research 是免费的吗?
是的,Repo Research 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Repo Research 支持哪些平台?
Repo Research 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Repo Research?
由 xierluo(@cat-xierluo)开发并维护,当前版本 v0.7.0。
推荐 Skills