← 返回 Skills 市场
gdperkins

Reporead

作者 Gddp · GitHub ↗ · v1.2.0 · MIT-0
cross-platform ✓ 安全检测通过
390
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install reporead
功能描述
Analyze GitHub repositories using RepoRead AI. Use when the user asks to "analyze a repo", "generate docs", "security audit a repo", "create a README", or wa...
安全使用建议
This skill appears to do what it says: it calls https://api.reporead.com and needs a RepoRead API key. Before installing, consider: 1) storing the API key in your shell profile or MCP config will persist it on disk in plaintext — only do this if you trust the host and want persistent access; 2) importing repositories sends repo content to a third-party service — avoid importing private/confidential repos unless you trust RepoRead and understand their data handling; 3) the included helper scripts attempt to sanitize inputs but input checks are simple and may reject some valid inputs or be imperfect — avoid passing untrusted, specially crafted IDs/URLs; 4) rotate the key if you suspect it was exposed and review RepoRead's privacy/security docs. If you need stronger guarantees, inspect the scripts yourself and prefer setting REPOREAD_API_KEY in a secure secrets store rather than embedding it in config files.
功能分析
Type: OpenClaw Skill Name: reporead Version: 1.2.0 The 'reporead' skill is a legitimate integration for the RepoRead AI service, designed to analyze GitHub repositories. The shell scripts (scripts/reporead-api.sh and scripts/check-connection.sh) use curl to interact with the official API endpoint (api.reporead.com) and include proactive security measures such as input sanitization and path validation to prevent command injection.
能力评估
Purpose & Capability
Name/description (RepoRead repo analysis) match the declared requirements: REPOREAD_API_KEY and curl. The scripts and REST endpoints target api.reporead.com and implement the advertised import/analysis/token endpoints; requested resources are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to set REPOREAD_API_KEY, optionally add it to MCP config files, import repos, start analyses, poll status, and fetch results. The runtime scripts only call the RepoRead API and do not access unrelated system files. Note: the docs recommend placing the API key in shell profiles and MCP JSON configs (plain text), which may store the secret on disk and should be considered a privacy/operational concern.
Install Mechanism
No install spec; this is instruction-only with small helper scripts included. No downloads from third-party URLs and no archives extracted. Risk from the install mechanism is low.
Credentials
Only REPOREAD_API_KEY is required and identified as primaryEnv — proportional to the functionality. However, the SKILL.md encourages storing the key in shell profiles and MCP config JSON (plaintext); users should be aware that doing so persists the secret on disk and may expose it to other processes/users.
Persistence & Privilege
always:false and the skill does not request elevated platform privileges or modification of other skills' configs. It does suggest configuring an MCP server entry with the API key, which is normal for integration but stores the key in config.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install reporead
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /reporead 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
Fix shell injection vulnerability in reporead-api.sh: sanitize user inputs before JSON embedding and URL path interpolation to prevent command substitution
v1.1.0
Add Clawdis metadata for credential declaration (REPOREAD_API_KEY), add check-connection.sh and reporead-api.sh helper scripts for REST API fallback, improve setup flow with env var step
v1.0.0
Initial release. MCP server setup, REST API fallback, 5 analysis types, decision framework, 3 workflow patterns.
元数据
Slug reporead
版本 1.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Reporead 是什么?

Analyze GitHub repositories using RepoRead AI. Use when the user asks to "analyze a repo", "generate docs", "security audit a repo", "create a README", or wa... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 390 次。

如何安装 Reporead?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install reporead」即可一键安装,无需额外配置。

Reporead 是免费的吗?

是的,Reporead 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Reporead 支持哪些平台?

Reporead 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Reporead?

由 Gddp(@gdperkins)开发并维护,当前版本 v1.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论