RepoMedic
Author: Marcus Rummler (GitHub) · v1.0.6
Total downloads: 1585
Favorites: 1
Current installs: 5
Versions: 7
Install in OpenClaw
/install repomedic
Description
Safely triage and remediate GitHub dependency hygiene issues with explicit guardrails. Use when Dependabot PRs fail, pnpm lockfiles break, transitive vulnerabilities appear (e.g., glob/lodash/brace-expansion), or CI/Vercel fails due to dependency resolution. Prioritize low-risk fixes, branch+PR workflow, and plain-English explanations.
Safe usage recommendations
This skill appears to do what it says: triage and apply low-risk dependency fixes using a branch+PR workflow. Before installing, confirm the agent/platform will: (1) grant only the repository-scoped read/write access you intend (branch-only write), (2) provide access to CI/Vercel logs if needed, and (3) have pnpm/npm/yarn available to run installs. Ask how credentials are supplied (platform token vs. environment variables) and require human approval for medium/high risk actions. Note the small inconsistency: the skill expects package-manager commands but the registry metadata lists no required binaries — verify availability of those tools in your environment. Prefer running the skill in a forked repo or protected branch so changes are visible as a PR before merging.
Functional analysis
Type: OpenClaw Skill
Name: repomedic
Version: 1.0.6
The OpenClaw AgentSkills bundle 'repomedic' is classified as benign. The `SKILL.md` file, which contains instructions for the AI agent, explicitly defines strong safety guardrails, a least-privilege policy, and non-negotiable 'must NOT' actions. These include never pushing directly to main/master, requiring a branch+PR workflow, limiting local workspace access to the target repository, and preventing external actions or modification of files outside the target repo. While the skill requires capabilities like file modification and command execution (e.g., `pnpm`/`npm`/`yarn`), these are essential for its stated purpose of dependency remediation and are heavily mitigated by the explicit safety instructions, approval gates, and risk labeling, demonstrating a clear intent to operate safely and prevent malicious behavior.
Capability assessment
Purpose & Capability
Name/description (safe, conservative dependency remediation) aligns with the instructions and requested access (read repo, write to non-default branch, run package manager commands). One minor mismatch: the metadata declares no required binaries, but the runtime instructions explicitly rely on package manager commands (pnpm/npm/yarn). This is a small documentation inconsistency, not a security mismatch.
Instruction Scope
SKILL.md stays within scope: triage Dependabot, lockfile fixes, targeted pnpm.overrides, branch+PR workflow, and validation steps. It does not instruct the agent to read unrelated system files or exfiltrate data. Note: practical operation will require access to repo contents, CI/Vercel failure logs, and network access to package registries — those are expected for the stated tasks and are called out in the doc.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal disk/write footprint. No external downloads or package installs defined by the skill itself.
Credentials
No environment variables or credentials are declared in the metadata (appropriate). The SKILL.md does state it needs read access to the target repo and write access to non-default branches and that it will run package manager commands; these are proportional to purpose. Verify how the platform supplies repo credentials (platform-provided tokens vs. user-provided env vars).
Persistence & Privilege
always:false and user-invocable — the skill does not request permanent or elevated presence. It explicitly forbids pushing to main/master and modifying files outside the target repository, which limits privilege scope.
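How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install repomedic`
- Once installation completes, invoke the Skill by name directly or use `/repomedic` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output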
Version history
v1.0.6
- Expanded safety guardrails to prohibit direct pushes to both `main` and `master` branches.
- Refined the approval gate to explicitly require displaying planned file/version changes and always request approval for non-trivial edits.
- Added a new "Required Permissions & Least-Privilege Policy" section outlining strict access and permission boundaries.
- Strengthened prohibitions against modifying files outside the target repository and performing external actions without explicit request.
- Clarified steps for handling missing permissions, emphasizing minimum access and transparent permission requests.
v1.0.5
- Updated SKILL.md with stronger safety guardrails and a clearer dependency-remediation workflow.
- Clarified mission, risk labels, and preferred low-risk remediation patterns.
- Added explicit output contract for consistent, plain-English responses.
- Added clearer “when to use / when not to use” criteria.
- Documentation update only (no code or runtime behavior changes).
v1.0.4
- Added a new "Access & Requirements" section describing RepoMedic's dependency on OpenClaw agent for credentials and permissions.
- Clarified behavior when lacking permissions: RepoMedic now explains access issues and requests only the minimum required permissions.
- No code or functional changes; documentation update only.
v1.0.3
- Removed the lobster emoji 🦞 from the title in SKILL.md for a more streamlined presentation.
- No functional or behavioral changes to the skill; documentation only.
v1.0.2
- Updated skill description for brevity and clarity in the introduction.
- No changes to functionality or usage; documentation wording improved for accessibility.
v1.0.1
- Updated SKILL.md introduction for improved clarity and emphasis on RepoMedic's core maintenance tasks.
- Added a concise opening summary describing what RepoMedic does and its focus areas.
- No functional or behavioral changes; documentation only.
v1.0.0
Initial release of RepoMedic skill.
- Automatically reviews GitHub repositories for dependency issues, broken Dependabot PRs, and security alerts
- Repairs lockfiles, patches transitive dependency vulnerabilities, and applies safe overrides as needed
- Refuses risky upgrades; provides clear explanations and safe next steps when updates would break builds
- Focuses on minimal, targeted pull requests with concise summaries
- No major upgrades or unnecessary changes without user approval
FAQ
What is RepoMedic?
Safely triage and remediate GitHub dependency hygiene issues with explicit guardrails. Use when Dependabot PRs fail, pnpm lockfiles break, transitive vulnerabilities appear (e.g., glob/lodash/brace-expansion), or CI/Vercel fails due to dependency resolution. Prioritize low-risk fixes, branch+PR workflow, and plain-English explanations. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1585 cumulative downloads to date.
How do I install RepoMedic?
Run the command `/install repomedic` in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is RepoMedic free?
Yes, RepoMedic is completely free (open source and free of charge); it can be freely downloaded, installed and used.
Which platforms does RepoMedic support?
RepoMedic is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed RepoMedic?
It is developed and maintained by Marcus Rummler (@mrummler17); the current version is v1.0.6.