← 返回 Skills 市场
433
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install repomix-explorer
功能描述
Use this skill when the user wants to analyze or explore a codebase (remote repository or local repository) using Repomix. Triggers on: 'analyze this repo',...
安全使用建议
This skill appears to do what it says: run Repomix to pack a repo and analyze the output. Before installing/using it, consider: (1) npx repomix@latest will fetch and execute code from the npm registry — if you want stronger guarantees, pin a specific repomix version (e.g., [email protected]) or install/inspect the CLI yourself; (2) the agent will read repository files and any generated output in /tmp or the working directory — do not run it on repositories containing secrets you don't want to expose; (3) run the skill in a sandbox/container if you are worried about executing third-party code; (4) verify the repomix package source (npm package page, GitHub repo, checksum) if you need higher assurance. If you control the environment, manually installing and vetting repomix before allowing the agent to run it reduces risk.
功能分析
Type: OpenClaw Skill
Name: repomix-explorer
Version: 0.1.0
The skill instructs the AI agent to execute shell commands (`npx repomix@latest`, `grep`) with parameters directly derived from user input (e.g., repository names, local paths, output paths, include/ignore patterns). The `SKILL.md` instructions do not include explicit directives for input sanitization, which creates a significant shell injection vulnerability. A malicious user could craft inputs containing shell metacharacters to execute arbitrary commands or write files to unintended locations. While the skill's stated purpose is benign and there is no evidence of intentional malicious behavior (such as data exfiltration or persistence), the lack of input sanitization for shell commands makes it suspicious.
能力评估
Purpose & Capability
Name/description match the instructions: the skill tells the agent to run the Repomix CLI (via npx) to pack and analyze repositories, and to read the produced output for analysis. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to run shell commands (npx repomix@latest) and to read generated output files (usually in /tmp or ./repomix-output.xml). This stays within the stated purpose (analyzing remote or local repos). However, allowing shell execution and arbitrary file reads means the agent will access repository contents and any generated output; ensure the user expects the agent to read the repo and any sensitive files it may contain.
Install Mechanism
This is an instruction-only skill with no install spec, but the runtime commands use `npx repomix@latest`, which downloads and executes code from the npm registry. Using npx/@latest is convenient but can execute arbitrary code from a third-party package at runtime — a normal supply-chain risk for CLI tools. No archive downloads from untrusted URLs are present.
Credentials
No environment variables, credentials, or config paths are requested. The required surface is proportional to the stated purpose (analyzing repositories).
Persistence & Privilege
The skill does not request persistent/always presence; default autonomy is allowed (platform default). It does not propose modifying other skills or system-wide settings. Output files are written to /tmp or local working directory per the instructions.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install repomix-explorer - 安装完成后,直接呼叫该 Skill 的名称或使用
/repomix-explorer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of repomix-explorer: a skill for analyzing codebases with Repomix.
- Supports analysis of both remote and local code repositories using the Repomix CLI.
- Automates selection of Repomix commands, output formats, and compression options based on user intent.
- Guides workflow from repository packing, through output file analysis (using grep and pattern search), to clear summaries and actionable insights.
- Includes best practices for efficient exploration, output management, and typical search patterns for code structure, metrics, and pattern discovery.
- Offers example workflows to help users get started quickly with common codebase analysis tasks.
元数据
常见问题
Repomix Explorer 是什么?
Use this skill when the user wants to analyze or explore a codebase (remote repository or local repository) using Repomix. Triggers on: 'analyze this repo',... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 433 次。
如何安装 Repomix Explorer?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install repomix-explorer」即可一键安装,无需额外配置。
Repomix Explorer 是免费的吗?
是的,Repomix Explorer 完全免费(开源免费),可自由下载、安装和使用。
Repomix Explorer 支持哪些平台?
Repomix Explorer 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Repomix Explorer?
由 kongyo2(@kongyo2)开发并维护,当前版本 v0.1.0。
推荐 Skills