GitHub项目调研器
v1.0.0GitHub 项目调研与对比工具。当用户要求'搜索 GitHub 项目'、'对比开源项目'、'选一个 XX 工具'、'哪个项目最受欢迎/活跃'、'评估哪个好'、'怎么选'等场景时使用。通过 GitHub API 搜索、采集数据、系统化对比,输出结构化推荐报告。
⭐ 0· 99·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the runtime instructions: all commands and data collection are GitHub API calls (search, repo metadata, commits, releases, issues, README). No unrelated binaries, config paths, or credentials are required by the skill as provided.
Instruction Scope
Instructions stay within the stated scope (search repos, gather metadata, parse README, build comparison). They do advise switching to 'gh api' or using authenticated calls when hitting 403 rate limits, but the skill does not instruct reading local files or other system secrets. The only scope caveat: many API calls can be made in aggregate (per candidate repo), so callers should be aware of rate limits and the possibility of needing an auth token.
Install Mechanism
Instruction-only skill with no install spec and no code files. No packages or external downloads are requested, so nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables or credentials, which is proportional for public-data queries. However, the runtime guidance references using 'gh' or authenticated requests to avoid 403 rate limits—the skill does not declare an optional GITHUB_TOKEN or explain required token scope. If you plan to run many queries, an auth token (read-only public_repo scope) may be needed but is not described here.
Persistence & Privilege
The skill does not request persistent installation, always:true, or modification of other skills or system settings. It is user-invocable and not force-enabled.
Assessment
This skill appears coherent and limited to public GitHub data collection. Before installing or running it: (1) recognize it will perform multiple outbound GitHub API requests—you may hit unauthenticated rate limits quickly; consider supplying a minimal-scope GitHub token if you trust the skill (the skill does not request or store one automatically). (2) If you supply a token, use a token with minimal scope (public repo read) and avoid using highly privileged personal tokens. (3) Confirm you are comfortable with the agent making network calls from your environment and that collected results (reports) won't be sent elsewhere. (4) If you plan to evaluate private repos, require explicit instructions and explicit credential declaration before proceeding. Otherwise, this instruction-only skill is consistent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
comparisonvk970ntd09s0jhh7f0cftb59mhh83f26ngithubvk970ntd09s0jhh7f0cftb59mhh83f26nlatestvk970ntd09s0jhh7f0cftb59mhh83f26nopenclawvk970ntd09s0jhh7f0cftb59mhh83f26nresearchvk970ntd09s0jhh7f0cftb59mhh83f26n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.