GitCode Repo Daily
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: gitcode-repo-daily
Version: 1.0.0
The skill bundle is a legitimate tool for generating GitCode repository operation reports. It uses the official GitCode API to collect metrics and stores historical data in a local SQLite database (report.db) for trend analysis. The Python script (generate_daily_report.py) relies solely on the standard library and includes robust logic for credential retrieval (including Windows environment variables via PowerShell), API pagination, and Markdown rendering. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can access whatever GitCode repository data the provided token permits, including private repository information if the token has that scope.
The skill requires and reads a GitCode credential, including Windows user/system environment variables, to access repository data.
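**GITCODE_TOKEN**: read in the following priority order; the first location that has a value is used. ... 1 | process environment variable `GITCODE_TOKEN` ... 2 | Windows user-level environment variable ... 3 | Windows system-level environment variable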
Use a minimally scoped GitCode token and avoid using a token with broader account permissions than needed for report generation.
Operational data from the configured repositories may remain on disk after the report is generated.
The skill persists repository metrics, AI summary input data, and summaries in a local SQLite database for reuse across report runs.
**Path**: `{skill_root}/resources/report.db` ... **daily_metrics** ... `merged_prs_for_ai_json`; ... **daily_summaries** ... when run multiple times on the same day, the latest is kept.
Treat the skill directory as containing potentially sensitive repo metadata, and delete resources/report.db or temp_dir files if you do not want historical data retained.
Using the skill runs local code that calls GitCode APIs and writes report/config/database files.
The skill operates by running an included local Python script; this is central to the skill’s purpose and is clearly documented.
`python <SKILL_ROOT>/scripts/generate_daily_report.py [--date YYYY-MM-DD] [--repos "owner/repo,..."]`
Install it only if you are comfortable with the included script running locally for GitCode reporting.
Users have less external context for verifying where the skill came from.
The registry metadata does not provide an upstream source or homepage for independent provenance verification.
Source: unknown; Homepage: none
Review the included artifacts and install from trusted channels; prefer versions with clear source provenance when available.
