Github Stars Analyzer
v0.0.1抓取指定 GitHub 用户 Stars 下的所有项目,并生成标准化中文 Markdown 报告。当用户提到"分析 GitHub stars"、"导出收藏项目"、"汇总 GitHub 星标"、"生成 stars 报告",或粘贴包含 ?tab=stars 的 GitHub 链接时,必须触发此技能。始终通过 bash...
⭐ 0· 48·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description promise (抓取 GitHub 用户的 starred 仓库并生成中文 Markdown 报告) aligns with the provided Python script and template. The files and instructions only reference GitHub API calls and local file output; there are no extra services, credentials, or binaries requested that would be disproportionate.
Instruction Scope
SKILL.md instructs copying and running the included fetch_stars.py and then presenting the generated file. The runtime actions are limited to calling api.github.com, rendering a Markdown file, and copying files under the user's filesystem. Note: the skill explicitly requires network access to GitHub (and suggests running locally because the agent host may not have outbound Internet). Also: the SKILL.md forbids using web_fetch/browser artifact and demands bash_tool execution — reasonable but gives the agent permission to execute shell commands. You should be aware executing the included script runs arbitrary Python code from this skill on your machine.
Install Mechanism
There is no install spec (instruction-only with a bundled script). No remote downloads or extraction are performed by the skill itself. The only dependency is the common 'requests' library; the script prints a helpful message if requests is missing. Minor usability note: SKILL.md does not explicitly include a 'pip install requests' step, although the script's header mentions it.
Credentials
The skill requests no environment variables or stored credentials. It supports an optional GitHub Personal Access Token passed as a CLI argument to increase rate limits; this is proportionate and the SKILL.md recommends creating a token with no scopes. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not request any persistent privileges or attempt to modify other skills or global agent settings. It runs on demand and only instructs the agent to copy and run a local script and to present the generated file.
Assessment
This skill appears coherent and implements what it claims: it uses the GitHub API to fetch starred repos and renders a Markdown report. Before running: (1) review fetch_stars.py yourself to confirm there are no unexpected network calls or data sinks (the script as provided calls only api.github.com and writes a local Markdown file), (2) run it locally or in a sandboxed environment (it executes arbitrary Python code included in the skill), (3) install its dependency if needed (pip install requests), and (4) only supply a GitHub PAT if you understand it increases rate limits — the skill correctly states a token with no scopes is sufficient. Since the skill source and homepage are unknown, exercise the usual caution and inspect the code before execution.Like a lobster shell, security has layers — review code before you run it.
latestvk974asgqcrnrs33s1k8x0qw18584ecfx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.