Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oneshot Ship

v0.2.1

Ship code with oneshot CLI. One command that plans, executes, reviews, and opens a PR. Runs over SSH or locally. Use when the user wants to ship code changes...

by Andrew Wilkinson (@adwilkinson)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The described functionality (automated plan → implement → review → PR over SSH or locally) is coherent with requiring Git, SSH, and GitHub access and LLM CLIs. However the SKILL.md relies on multiple external CLIs and LLM services (Claude Code CLI, Codex CLI, GitHub CLI) that are not reflected in the registry metadata, which is an inconsistency worth noting.
Instruction Scope
SKILL.md instructs the agent to read entire repositories (and optional CLAUDE.md files), create worktrees, run commands locally or over SSH, and transmit implementation/review tasks to external LLMs (Anthropic and OpenAI). It also directs storing API keys in ~/.oneshot/config.json and may mirror JSONL event logs. These actions involve reading and transmitting potentially sensitive source code and secrets to third-party services and executing commands on remote hosts—behaviors beyond a simple helper and requiring explicit user consent and trust in the skill source.
Install Mechanism
There is no install spec in the registry (skill is instruction-only), yet the README suggests installing via `bun install -g oneshot-ship`. The absence of an authoritative install source / package manifest in the registry means the skill's suggested installation path isn't verified here and should be checked before running.
Credentials
Registry metadata declares no required env vars, but SKILL.md explicitly requires ANTHROPIC_API_KEY and OPENAI_API_KEY, GitHub CLI authentication, and optionally a Linear API key in config. Requiring multiple cross-service credentials (LLM keys, GitHub auth, Linear) is reasonable for the described pipeline but the omission from metadata is a red flag. The skill also asks to persist these secrets in a plaintext config file (~/.oneshot/config.json), which increases risk.
Persistence & Privilege
The skill writes config and history files under the user's home (~/.oneshot/config.json, ~/.oneshot/history.json), creates temporary worktrees, and can run background jobs (--bg). It does not request always:true and does not modify other skills. Persisting API keys and history locally is expected for the tool but is sensitive and should be reviewed.
What to consider before installing
Key points to consider before installing or running this skill:

  • The SKILL.md requests ANTHROPIC_API_KEY, OPENAI_API_KEY, GitHub authentication, and optionally Linear API credentials, but the registry metadata lists none — assume you will need to provide these. Confirm the exact credentials required before proceeding.
  • The pipeline will read whole repos and send code and prompts to external LLM services (Anthropic/OpenAI). If your repo contains sensitive information, do NOT run this against private repos unless you trust both the skill source and the LLM providers' data handling.
  • The tool stores keys in ~/.oneshot/config.json (plaintext in home directory per the doc). Prefer ephemeral or least-privilege tokens, and avoid long-lived secrets in that file.
  • The skill can operate over SSH and execute commands on remote servers. Only provide SSH access to hosts you fully control and audit what commands the oneshot tool will run (use --dry-run first).
  • There is no install manifest in the registry; the README suggests installing via bun from a GitHub repo. Verify the upstream repository and its release artifacts before installing any global binary.
  • Practical mitigations: run in --dry-run or --local mode first, inspect the prompts and what is sent to LLMs (prompts/*.txt and CLAUDE.md), use limited-scope GitHub PATs, use ephemeral LLM keys, and review ~/.oneshot/config.json and history after runs.

If you cannot verify the source code or provenance, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Tags: automation, claude, cli, codex, latest
353 downloads
0 stars
2 versions
Updated 8h ago
v0.2.1
MIT-0

oneshot CLI

Ship code with a single command. oneshot runs a full pipeline: plan (Claude) → execute (Codex) → review (Codex) → PR (Claude). Works over SSH to a remote server or locally with --local.

When to use this skill

  • User wants to ship a code change to a repository without manual coding
  • User wants to automate the plan/implement/review/PR workflow
  • User mentions "oneshot" or wants to delegate a coding task
  • User wants to run a task on a remote server or locally

Installation

bun install -g oneshot-ship

Setup

Run oneshot init to configure SSH host, workspace path, API keys, and model preferences. Config is saved to ~/.oneshot/config.json.

Repos on the server should live as <org>/<repo> under the workspace path:

~/projects/
  my-org/my-app/
  my-org/my-api/

Server prerequisites

Usage

oneshot <repo> "<task>"                 # ship a task
oneshot <repo> <linear-url>            # ship from a Linear ticket
oneshot <repo> "<task>" --bg           # fire and forget
oneshot <repo> "<task>" --local        # run locally, no SSH
oneshot <repo> "<task>" --deep-review  # force exhaustive review
oneshot <repo> "<task>" --model sonnet # override Claude model
oneshot <repo> "<task>" --branch dev   # target a different branch
oneshot <repo> --dry-run               # validate only
oneshot init                           # configure
oneshot stats                          # recent runs + timing

Pipeline

  1. Validate: checks the repo exists, fetches latest from origin
  2. Worktree: creates a temp git worktree from the target base branch
  3. Classify: classifies the task as fast or deep via heuristics + LLM
  4. Plan: Claude reads the codebase and CLAUDE.md conventions, outputs an implementation plan
  5. Execute: Codex implements the plan. If it times out with partial changes, the pipeline continues
  6. Draft PR: Claude creates a branch, commits, pushes, and opens a draft PR
  7. Review: Codex reviews the diff. In deep mode it runs an exhaustive review across correctness, security, and code quality
  8. Finalize: pushes review fixes and marks the PR ready

Worktree is cleaned up after every run.

Configuration

~/.oneshot/config.json:

{
  "host": "user@100.x.x.x",
  "basePath": "~/projects",
  "anthropicApiKey": "sk-ant-...",
  "linearApiKey": "lin_api_...",
  "claude": { "model": "opus", "timeoutMinutes": 180 },
  "codex": {
    "model": "gpt-5.4-mini",
    "reasoningEffort": "xhigh",
    "reviewModel": "gpt-5.4-mini",
    "reviewReasoningEffort": "xhigh",
    "timeoutMinutes": 180
  },
  "stepTimeouts": {
    "planMinutes": 20,
    "executeMinutes": 60,
    "reviewMinutes": 20,
    "deepReviewMinutes": 20,
    "prMinutes": 20
  }
}

Only host is required for SSH runs. Local mode works without a config file.
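
The scan notes above flag that API keys are persisted in plaintext in ~/.oneshot/config.json. The following audit is an added example, not part of oneshot or of the original page: it reports loose file permissions and any non-empty secret-looking fields in that config. The function names and the suffix list are assumptions; the field names in the constructed sample come from the config shown above.

```python
import json
import os
import stat
import tempfile

# Suffixes are an assumption; "ApiKey" matches the fields in the page's sample config.
SECRET_SUFFIXES = ("apikey", "token", "secret")


def find_secret_fields(node, path=""):
    """Return dotted paths of non-empty string values whose key looks like a secret."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and key.lower().endswith(SECRET_SUFFIXES):
                hits.append(child)
            else:
                hits.extend(find_secret_fields(value, child))
    return hits


def audit_config(path):
    """Return a list of findings for one config file (empty list means clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: accessible beyond owner, expected 0600")
    with open(path, encoding="utf-8") as fh:
        for field in find_secret_fields(json.load(fh)):
            findings.append(f"plaintext secret in field '{field}'")
    return findings


def demo():
    """Audit a constructed config that mirrors the page's sample layout."""
    sample = {"host": "user@100.x.x.x", "anthropicApiKey": "sk-ant-CONSTRUCTED",
              "linearApiKey": "lin_api_CONSTRUCTED", "claude": {"model": "opus"}}
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "config.json")
        with open(cfg, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(cfg, 0o644)  # deliberately loose, to show the permission finding
        return audit_config(cfg)


if __name__ == "__main__":
    target = os.path.expanduser("~/.oneshot/config.json")
    print("\n".join(audit_config(target) if os.path.exists(target) else demo()))
```

Run it after `oneshot init` and again after each run; the permission check assumes a POSIX filesystem.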

Flags

Flag           Short  Description
--model        -m     Override Claude model
--branch       -b     Base branch (default: main)
--deep-review         Force exhaustive review mode
--local               Run locally instead of over SSH
--bg                  Run in background, return PID + log path
--dry-run      -d     Validate only
--events-file         Mirror JSONL events to an additional file
--help         -h     Help
--version      -v     Version

Customization

  • Put a CLAUDE.md in any repo root. oneshot passes it to Claude and Codex at every step
  • Edit prompts/plan.txt, execute.txt, review.txt, pr.txt to change pipeline behavior

Tips

  • Use --bg to fire and forget long tasks
  • Linear integration moves tickets to "In Review" and comments the PR URL
  • Per-step timeouts prevent runaway processes (plan 20m, execute 60m, review 20m, PR 20m)
  • Worktree isolation means your main branch is never touched
  • Task classification picks fast or deep mode automatically. Use --deep-review to force deep
  • Duration estimates come from historical runs per repo (~/.oneshot/history.json)
