← 返回 Skills 市场
Uplo Github
作者
RooJenkins
· GitHub ↗
· v1.0.0
· MIT-0
122
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install uplo-github
功能描述
AI-powered GitHub knowledge management. Search repository metadata, code review standards, issue tracking, and team workflows with structured extraction.
安全使用建议
Before installing or enabling: (1) confirm the required configuration (agentdocs_url and api_key) — the package metadata incorrectly listed no env vars; (2) only point the skill at an UPLO instance you control or fully trust, because repository contents, issues, PR text and CODEOWNERS will be sent there; (3) be aware the skill expects to run an MCP server via npx (@agentdocs1/mcp-server) which will download/execute code at runtime — prefer a vetted/pinned package or run it in a restricted environment; (4) limit the API key scope if possible and get organizational approval for sharing repository metadata with the configured service; (5) if you need higher assurance, ask the publisher for a signed release URL, package checksum, or an install spec that avoids implicit npx downloads.
功能分析
Type: OpenClaw Skill
Name: uplo-github
Version: 1.0.0
The uplo-github skill bundle is a GitHub knowledge management tool designed to interface with the UPLO platform. It uses the @agentdocs1/mcp-server package via npx to provide tools for searching repository metadata, CODEOWNERS, and issue history. The SKILL.md and identity-patch.md files contain instructions that align with the stated purpose and include explicit defensive directives, such as instructing the agent to never surface access tokens or deployment credentials regardless of clearance. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
能力评估
Purpose & Capability
The skill claims to provide org-wide GitHub knowledge and the included skill.json/config (agentdocs_url + api_key) describes connecting to an external UPLO MCP server to perform searches — this is coherent. However, the registry metadata at the top of the submission claimed 'Required env vars: none' while skill.json requires an instance URL and API key, which is an inconsistency in the package metadata.
Instruction Scope
SKILL.md instructs only to call UPLO-related operations (get_identity_context, search_knowledge, search_with_context, etc.) and does not direct the agent to read unrelated local files or arbitrary environment variables. It does, however, imply the agent will send repository metadata, issues, PR text, and other org data to the configured UPLO instance — expected for this type of skill but a potentially sensitive data flow that should be authorised.
Install Mechanism
The skill package itself has no install spec, yet README and skill.json indicate runtime behavior that uses npx to start an MCP server ("npx -y @agentdocs1/mcp-server --http"). That implies dynamic download/execution of an npm package at runtime (moderate risk). The package source (@agentdocs1/mcp-server) is referenced but no pinned release URL or checksum is provided. This remote install/exec behavior is not fully declared in the top-level metadata and increases risk.
Credentials
skill.json requires agentdocs_url and api_key (API token) which are proportional to the purpose (the service needs credentials to receive and index GitHub data). However the submitted registry metadata incorrectly listed 'none' for required env vars; that mismatch could mislead users. The API key has access to potentially broad organizational data on the UPLO instance, so only provide it to a trusted instance and with least privilege.
Persistence & Privilege
The skill does not request always:true, does not ask to modify other skills or system-wide config, and has normal autonomous-invocation defaults. There is no evidence it demands system-level persistence or escalated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install uplo-github - 安装完成后,直接呼叫该 Skill 的名称或使用
/uplo-github触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of uplo-github: AI-powered GitHub knowledge management.
- Search repository metadata, code review standards, issue tracking, and team workflows with structured queries.
- Provides organization-aware access, supporting workflows like onboarding, dependency investigation, and ownership lookups.
- Key tools include search_knowledge, search_with_context, get_directives, and flag_outdated for comprehensive querying and metadata management.
- Offers historical and cross-repo insights not easily accessible via native GitHub search.
- Includes tips for making effective use of CODEOWNERS, team data, and discussion histories.
元数据
常见问题
Uplo Github 是什么?
AI-powered GitHub knowledge management. Search repository metadata, code review standards, issue tracking, and team workflows with structured extraction. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 122 次。
如何安装 Uplo Github?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install uplo-github」即可一键安装,无需额外配置。
Uplo Github 是免费的吗?
是的,Uplo Github 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Uplo Github 支持哪些平台?
Uplo Github 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Uplo Github?
由 RooJenkins(@roojenkins)开发并维护,当前版本 v1.0.0。
推荐 Skills