← 返回 Skills 市场
46
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install yihui-github-monitor
功能描述
Monitor multiple GitHub repos with configurable alert policies for releases, PRs, and security, sending low-noise notifications via scheduled cron jobs.
安全使用建议
This skill appears to be a legitimate GitHub monitor, but there are gaps between what it says it will do and what it declares it needs. Before installing, confirm these points with the author or your admin:
- Where will the state file be stored? Prefer a workspace-scoped, non-root path you control; prevent writing to arbitrary /root paths.
- How are notifications delivered? Ask which notify_target mapping the platform provides and whether you must supply Slack/Telegram/Feishu/Discord tokens; require explicit documentation and least-privileged tokens for messaging.
- Will you provide a GitHub token? Monitoring many repos typically needs an authenticated token to avoid rate limits — only grant a token with repo:public_repo scope (or narrower) and rotate it periodically.
- Verify that the agent will not backfill historical events (SKILL.md says it should not); confirm initial-run behavior in practice.
If the author can update the skill metadata to declare required config paths and env vars (and allow configuring a non-root state path), the mismatches would be resolved. If you cannot get that assurance, treat the skill as higher risk and restrict its filesystem and credential access.
功能分析
Type: OpenClaw Skill
Name: yihui-github-monitor
Version: 1.0.0
The skill is a well-defined GitHub repository monitor designed for OpenClaw. It provides clear instructions for an AI agent to track releases, commits, and PRs using public APIs, with logic for severity scoring and state management to prevent notification noise. No indicators of malicious intent, data exfiltration, or unauthorized execution were found in SKILL.md or _meta.json.
能力评估
Purpose & Capability
Name/description and SKILL.md align: it is a GitHub repo monitor that polls the GitHub API and sends notifications. However, the skill expects persistent state storage (a state_file path is suggested under /root/.openclaw/...) and delivery to notify targets (telegram/slack/feishu/discord/channel) but the registry metadata declares no required config paths or credentials. Those capabilities are plausible for this purpose but the lack of declared filesystem access and credentials is an inconsistency.
Instruction Scope
SKILL.md instructs the agent to read/write persistent state (installed_at, last_checked_at, last_notified_at, pending_daily) and to initialize state on first-run. It also recommends sending degradation/recovery alerts and delivering notifications to various channel types. Those are within the monitor's scope, but the instructions hard-code an example path under /root and assume the agent can persist and deliver notifications without describing how authentication for GitHub or messaging channels is obtained. The skill does not instruct reading unrelated system files or secrets, but it does require write access to a filesystem location that may be privileged.
Install Mechanism
Instruction-only skill with no install spec or code files — minimal on-disk installation risk. Nothing is downloaded or written by an install step itself; the runtime instructions cause state writes, which is expected behavior for a monitor.
Credentials
Registry metadata declares no required env vars/credentials, but practical operation likely needs: (a) a GitHub token to avoid strict public rate limits when monitoring many repos, and (b) credentials or channel tokens to post to external messaging services. The SKILL.md mentions multiple notification backends but provides no guidance or declared requirements for their credentials. This mismatch could lead to the agent storing or using credentials outside expected metadata or attempt unauthenticated calls with degraded behavior.
Persistence & Privilege
The skill requests persistent state via a state_file and recommends a path under /root/.openclaw/workspace/memory/..., but it does not request always:true or elevated platform privileges. Persisting state is reasonable for deduplication and digests, but using /root paths may be inappropriate on multi-tenant systems. The skill does not request modifying other skills or system settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yihui-github-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/yihui-github-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
YiHui GITHUB MONITOR 是什么?
Monitor multiple GitHub repos with configurable alert policies for releases, PRs, and security, sending low-noise notifications via scheduled cron jobs. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 46 次。
如何安装 YiHui GITHUB MONITOR?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yihui-github-monitor」即可一键安装,无需额外配置。
YiHui GITHUB MONITOR 是免费的吗?
是的,YiHui GITHUB MONITOR 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
YiHui GITHUB MONITOR 支持哪些平台?
YiHui GITHUB MONITOR 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 YiHui GITHUB MONITOR?
由 辉哥(@1yihui)开发并维护,当前版本 v1.0.0。
推荐 Skills