Copilot CLI AI 代码分析

通过 GitHub Copilot CLI 分析代码、探索项目结构、生成文档和自动化开发任务，提高开发效率。

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 297 · 0 current installs · 0 all-time installs

byZip.Wu@biuyx

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (Copilot CLI code analysis) align with the instructions: the skill is an instruction-only guide to using GitHub Copilot CLI to analyze code and generate docs. Asking for Copilot CLI and a GitHub PAT is proportionate to that purpose.

Instruction Scope

SKILL.md explicitly instructs the agent/user to store a GitHub Personal Access Token at ~/.copilot/github_token.txt and to run commands that read that file (cat ~/.copilot/github_token.txt) into COPILOT_GITHUB_TOKEN. That means the agent/runtime will be expected to read a secret from the user's home directory and will send project code to GitHub's Copilot API — both are in-scope for code analysis but are sensitive operations that should be made explicit in the skill metadata and consented to by the user.

ℹ

Install Mechanism

There is no formal install spec in the registry (instruction-only). SKILL.md suggests installing via 'brew install copilot-cli' which is a standard package manager flow on macOS. This is low-risk compared to arbitrary downloads, but may not work on non-macOS platforms (the skill lists no OS restriction).

Credentials

The registry metadata declares no required env vars or config paths, yet the runtime instructions expect a COPILOT_GITHUB_TOKEN (sourced from ~/.copilot/github_token.txt). The token request is appropriate for Copilot usage, but the metadata/primary-credential fields should declare this. Also, SKILL.md recommends storing the PAT in plaintext under the user's home directory — a security risk if left unprotected.

✓

Persistence & Privilege

The skill does not request 'always: true' and does not claim to modify system-wide agent settings. It is user-invocable and does not demand permanent platform presence.

What to consider before installing

This skill is essentially a how-to for using GitHub Copilot CLI and does require a GitHub Personal Access Token and the copilot CLI binary. Before installing/using it: - Be aware the SKILL.md instructs you to store your PAT as plaintext at ~/.copilot/github_token.txt and uses 'cat' to load it; prefer using a secure secrets store or environment variable managed by your shell rather than an unprotected file. - Verify the PAT scopes and use the minimum required (Copilot-only) and rotate/revoke it if needed. Never give broader scopes than necessary. - Understand that Copilot CLI will send your project code to GitHub's Copilot service for analysis — do not use it on code you cannot send externally. - Note the instructions assume Homebrew (macOS); on Linux/Windows you'll need a different install path. The skill metadata should have declared the token requirement; treat that omission as a sign to manually verify any secret handling before granting access. - If you need higher assurance, ask the publisher to update metadata to declare the required credential/config path and to recommend a safer token storage method (OS keychain or environment-based secrets) rather than a plaintext file.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1

Download zip

latestvk979a9gv3x5yq3nd9cccp2gjqx81xh8e

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Copilot CLI - AI 代码分析助手

功能

使用 GitHub Copilot CLI 分析代码、探索项目、生成代码和自动化开发任务。

前置条件

安装 Copilot CLI
```
brew install copilot-cli
```
设置 GitHub Personal Access Token
- 访问 https://github.com/settings/personal-access-tokens/new
- 创建 fine-grained token，权限：Copilot Requests
- Token 保存到 ~/.copilot/github_token.txt

使用方法

基本命令

# 进入项目目录
cd /path/to/project

# 使用 Copilot CLI（使用保存的 token）
COPILOT_GITHUB_TOKEN=$(cat ~/.copilot/github_token.txt) copilot -p "你的问题"

常用探索问题

项目概览：

"这个项目是做什么的？请简要说明。"

架构分析：

"分析这个项目的架构和主要模块。"

技术栈：

"这个项目使用了哪些主要技术栈和依赖？"

代码查找：

"找到处理用户认证的代码。"

文档生成：

"为这个模块生成文档。"

代码审查：

"审查这个文件，找出潜在问题。"

高级用法

指定文件：

copilot -p "解释 @src/main.js 的功能"

交互式会话：

COPILOT_GITHUB_TOKEN=$(cat ~/.copilot/github_token.txt) copilot

自动执行（需要权限）：

copilot --yolo -p "为这个功能编写单元测试"

注意事项

Copilot CLI 使用 GitHub Copilot API 分析代码
代码存储位置不影响分析（可以是 GitLab、GitHub 等）
一次性查询使用 -p 参数
复杂任务使用交互式会话

配置文件

Token 存储：~/.copilot/github_token.txt
配置目录：~/.copilot/
日志目录：~/.copilot/logs/

故障排查

策略限制错误

如果遇到 "Access denied by policy settings"：

检查 https://github.com/settings/copilot
确认 Copilot CLI 功能已启用
确认组织策略允许第三方 MCP 服务器

Token 过期

创建新的 Personal Access Token 并更新：

echo "新 token" > ~/.copilot/github_token.txt

示例使用

# 分析 base-auto 项目
cd /Users/agent/workspace/base-auto

# 快速提问
COPILOT_GITHUB_TOKEN=$(cat ~/.copilot/github_token.txt) copilot -p "这个项目有什么核心功能？"

# 深度分析
COPILOT_GITHUB_TOKEN=$(cat ~/.copilot/github_token.txt) copilot -p "分析项目的数据库设计，列出主要的表和关系。"

资源

官方文档：https://docs.github.com/en/copilot
命令参考：https://docs.github.com/en/copilot/reference/cli-command-reference

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…