
rn-bundle-to-github

Author: lvtong199881 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
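Total downloads: 120
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install rn-bundle-to-github
Description
A complete workflow for publishing React Native bundles to GitHub. Activated when a React Native project needs to be bundled and published to a GitHub Release. Includes: (1) initializing the RN project's release configuration, (2) using publish.sh to automatically publish release/debug versions, (3) generating output containing And...
Safe-use recommendations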
This skill appears to do what it says (build and publish React Native bundles) but has two red flags: (1) it tells you to download and execute a remote publish.sh from a third-party GitHub repo without providing the script for inspection, and (2) it instructs storing a repo-scoped GitHub token in ~/.github_token even though the package metadata declares no credentials. Before using: inspect the exact publish.sh content (don't run it blindly), prefer using a short-lived or least-privilege PAT (or a CI secret/GITHUB_TOKEN) rather than a persistent file in your home, verify the raw URL and prefer pinned releases/checksums or vendor the script into your repo, test in a throwaway repository or container, and ensure the token only has the minimal scopes required. If you can't review the script or trust its author, do not run it.
Functional analysis
Type: OpenClaw Skill
Name: rn-bundle-to-github
Version: 1.0.0
The skill bundle instructs the OpenClaw agent to download and execute a remote shell script from a personal GitHub repository (lvtong199881/MyRNApp) and requires the user to store a GitHub Personal Access Token in a plaintext file (~/.github_token). This 'curl-to-shell' pattern from an unverified third-party source, combined with the requirement for local credential storage, presents a high risk for supply chain attacks and credential theft, even though the stated purpose is a React Native deployment workflow. (File: SKILL.md)
Capability tags
requires-oauth-token, requires-sensitive-credentials
Capability assessment
Purpose & Capability
The skill's purpose (build RN bundles and publish them to GitHub Releases) aligns with the steps described (bundle generation, tag creation, changelog, GitHub API upload). However, the package/registry metadata declares no required credentials or env vars while the runtime instructions explicitly require a GitHub personal access token stored at ~/.github_token. That mismatch (declared requirements = none vs. instructions requiring a token) is inconsistent and should have been declared.
Instruction Scope
SKILL.md instructs downloading a remote publish.sh and executing it (curl -> chmod +x -> ./publish.sh), writing a token file to ~/.github_token, modifying package.json, committing and pushing git changes, creating tags/releases, and uploading assets. All of those steps are within the stated publishing scope, but the instructions give no embedded script to review and ask the user to store an access token in a file — both increase risk. The raw URL used to fetch publish.sh is third‑party and atypically formatted (includes 'refs/heads'); the script content is not bundled or audited.
Install Mechanism
There is no formal install spec in the registry, but the instructions download an executable script from raw.githubusercontent.com and run it. Downloading and executing an external script from an arbitrary third‑party repository is high risk because the code will run on the developer's machine; the skill provides no checksum, pinned release, or inlined script for review.
Credentials
Although the registry metadata lists no required env vars or primary credential, the documentation requires a GitHub Personal Access Token with 'repo' scope and tells the user to create ~/.github_token. Requesting a repo-scoped token is proportionate to creating/updating releases, but the omission from declared requirements is inconsistent and the recommended storage (plaintext file in home directory) is a weaker practice than using an environment variable or CI secret. The skill does not request other unrelated credentials.
Persistence & Privilege
The skill is instruction-only, does not request always:true, and does not claim to modify other skills or system-wide agent settings. Autonomous invocation is allowed by platform defaults but is not combined with other unusually broad privileges in the manifest.
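How to use
  1. Make sure OpenClaw is installed (locally or as a Docker deployment)
  2. Enter the install command in the chat box: /install rn-bundle-to-github
  3. After installation, invoke the Skill by name or trigger it with /rn-bundle-to-github
  4. Provide the necessary input according to the Skill's parameter description to get structured output
Version history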
v1.0.0
- Initial release of rn-bundle-to-github: a complete workflow for bundling and publishing React Native projects to GitHub Releases.
- Automates RN project release configuration, bundle generation (Android/iOS), version incrementing, and changelog creation.
- Includes publish.sh script for streamlined release (production) and debug (prerelease) publishing.
- GitHub Releases are used for version management, rollback, and hot update delivery.
- Documentation covers setup, release flow, versioning rules, API integration, troubleshooting, and optimization tips.
Metadata
Slug: rn-bundle-to-github
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

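What is rn-bundle-to-github?

A complete workflow for publishing React Native bundles to GitHub. Activated when a React Native project needs to be bundled and published to a GitHub Release. Includes: (1) initializing the RN project's release configuration, (2) using publish.sh to automatically publish release/debug versions, (3) generating output containing And... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 120 total downloads so far.

How do I install rn-bundle-to-github?

Run the command "/install rn-bundle-to-github" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is rn-bundle-to-github free?

Yes, rn-bundle-to-github is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does rn-bundle-to-github support?

rn-bundle-to-github runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed rn-bundle-to-github?

Developed and maintained by lvtong199881 (@lvtong199881); the current version is v1.0.0.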
