Oss Pilot

v2.0.2

End-to-end open-source GitHub contribution automation system. Discover high-value issues, implement fixes, open quality PRs, monitor CI/review status, and le...

by Cypher (@cypherm)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (automating discover→implement→PR→check) match the runtime instructions and required binaries (gh, git). No unrelated credentials, tools, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to read/write profile and PR context files under ./oss-pilot-data/, operate on a local clone (local_path), run gh/git commands, and execute repo build/lint/test commands (e.g., pnpm install, make, cargo test). Executing repo toolchains is necessary for this skill but carries the expected risk of running untrusted build scripts; the README/SKILL.md explicitly calls this out and suggests gating and containment.
Install Mechanism
Instruction-only skill with no install spec and no downloads — lowest install risk. It relies on existing gh/git binaries being present.
Credentials
No environment variables, secrets, or unrelated service credentials are requested. The only external access is via the gh CLI to GitHub, which is proportional to the described functionality.
Persistence & Privilege
Skill stores profiles and context under ./oss-pilot-data/ and expects to read/write local clones (local_path). It does not request always:true or modify other skills; autonomous invocation is allowed by platform default. Because it executes local commands, combine this persistence with sandboxing recommendations before use.
Assessment
This skill appears coherent for automating GitHub contributions. Before installing or running it:
1) Ensure gh and git are installed and gh is authenticated with the account you intend to use.
2) Use a container/VM or a dedicated automation account when targeting unfamiliar repos (the skill runs repo build/test commands which can run postinstall hooks).
3) Review and populate the profile (local_path, upstream_remote) so the skill operates on the intended clone/remotes.
4) Manually inspect package.json/Makefile/etc. for risky scripts before the first install/test run.
5) Keep the workspace (./oss-pilot-data/) and local clones on disk you control; consider limiting network/mount privileges in your sandbox.
If you want additional assurance, request the skill author/source or a code-based implementation (instead of instruction-only) so the code can be audited.

Like a lobster shell, security has layers — review code before you run it.

latestvk973txw7d3tewja69zxy92bctn8431es

Runtime requirements

Bins: gh, git
