← 返回 Skills 市场
erergb

Wander Monitor

作者 ERerGB · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
304
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install wander-monitor
功能描述
Guides use of Wander to monitor GitHub Actions without polling. Use when the user pushes code and wants CI notifications, asks how to watch workflows, avoid...
安全使用建议
Before installing or enabling this skill, consider: 1) It instructs the agent to auto-run background shell scripts after each git push — review whether you want an agent to execute local scripts automatically. 2) The skill expects access to your gh CLI authentication and local files (repo tree, ~/.config/gh), but the metadata declares no credentials — verify what tokens/credentials gh exposes and limit scope. 3) The recommended install clones a third‑party GitHub repo and runs its scripts; audit the wander repo (watch-*.sh, smart-push.sh) for any network calls, data uploads, or commands that could exfiltrate secrets before running them. 4) If you want the functionality but not autonomous execution, run the scripts manually or require explicit confirmation before the agent starts background watchers. 5) If possible, ask the skill author for explicit declarations of required credentials and a signed/reputable source for the Wander tool; absence of declared env vars and the 'auto-trigger' instruction are the primary red flags here.
功能分析
Type: OpenClaw Skill Name: wander-monitor Version: 1.0.3 The skill mandates an 'auto-trigger' behavior in SKILL.md, instructing the agent to automatically execute background scripts from an external repository (https://github.com/ERerGB/wander.git) after every 'git push'. It also directs the agent to modify user shell configuration files (~/.zshrc, ~/.bashrc) for persistence and environment setup. While these actions are consistent with the stated purpose of CI monitoring, the requirement for autonomous execution of external code and modification of system profiles poses a high risk of abuse.
能力评估
Purpose & Capability
The name/description (monitor GitHub Actions) match the instructions to run watch-workflow scripts and use gh; that is coherent. However the SKILL.md mandates autonomous behavior after every git push (start background watchers) which is stronger than the registry metadata (no 'always' and no declared credentials) and effectively asks the agent to take persistent action tied to repo events.
Instruction Scope
The SKILL.md tells the agent to start background scripts after every git push, read repository files (.workflows.yml, .github/workflows/*), run scripts from a local clone (watch-workflow-bg.sh, smart-push.sh), check terminal output and report. That grants the agent ability to execute arbitrary shell scripts from a third‑party repo and monitor local state — more scope than a simple notification helper and potentially dangerous if the scripts are malicious or unexpected.
Install Mechanism
No automated install spec (instruction-only), which is low-risk by itself. The docs recommend cloning a GitHub repo (https://github.com/ERerGB/wander) and running its shell scripts; this is a manual network fetch of third‑party code and should be reviewed before execution.
Credentials
SKILL.md requires the gh CLI to be installed and authenticated (implicitly requiring access to GitHub auth tokens/config), and references WANDER_HOME and PATH changes — yet the skill metadata declares no required env vars or primary credential. Implicit access to the user's GitHub auth and shell environment is necessary for functionality but is not declared, which is an inconsistency and a potential privacy/security risk.
Persistence & Privilege
Although registry flags show always:false, the instructions explicitly demand the agent auto-trigger after every git push and to start background/detached processes and write logs under ~/.wander_logs. That attempts to establish persistent behavior and local process execution tied to repository events; combined with executing third‑party scripts, this elevates risk.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wander-monitor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wander-monitor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
CD: eba8a91ba7bd65cc6b6a81c6119bcdbc66b0b14c
v1.0.2
CD: 7db960a7616e4e37c5caaad175b55f4f50e10287
v1.0.0
Initial release
元数据
Slug wander-monitor
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Wander Monitor 是什么?

Guides use of Wander to monitor GitHub Actions without polling. Use when the user pushes code and wants CI notifications, asks how to watch workflows, avoid... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 304 次。

如何安装 Wander Monitor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wander-monitor」即可一键安装,无需额外配置。

Wander Monitor 是免费的吗?

是的,Wander Monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Wander Monitor 支持哪些平台?

Wander Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Wander Monitor?

由 ERerGB(@erergb)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论