App Packager
v1.0.0自动切换 Git 分支并执行 APP 打包脚本。支持指定分支、平台、构建类型、版本号、上传选项、API_KEY和更新说明。 打包完成后会自动通知用户结果。 Use when: 用户需要打包 APP、切换分支打包、构建应用、生成安装包。 NOT for: 代码合并、代码提交、单元测试、代码检查。
⭐ 0· 124·1 current·1 all-time
by@heigher
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name and description (switch git branch and run packaging/upload) match the SKILL.md actions (git fetch/checkout/pull, run packaging script, optionally upload). There is no unrelated credential request. Minor inconsistency: the README example calls a wrapper at ~/.openclaw/.../scripts/app-packager, yet the runtime flow directly runs ./pgyer_all.sh inside the project — this mismatch should be clarified.
Instruction Scope
The instructions perform destructive/side-effect operations on a local repository: fetch, checkout (possibly creating a local branch tracking origin), pull, and run an arbitrary packaging script from the project. They assume a hard-coded absolute project path (/Users/nuoyun/Desktop/package/NYLiveUser) and call ./pgyer_all.sh. The skill does not stash or protect uncommitted changes before checkout/pull, so running it may alter working tree state. The flow captures output and scans for URLs to report back — which is expected — but users should be aware the skill will access the filesystem, run shell commands, and communicate build/upload results.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself (the script executed is expected to be in the project).
Credentials
No required environment variables or primary credentials are declared. The skill supports an optional API_KEY provided by the user for uploading (expected for a pgyer upload). No extraneous secrets are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent system-wide configuration or to modify other skills. It does execute commands in the user's workspace when invoked, which is expected for this functionality.
Assessment
This skill will run git commands and execute a packaging script inside a specific project path. Before using it: 1) Confirm the hard-coded project path matches your project or update the instructions; 2) Ensure you have no uncommitted changes (the flow may checkout and pull, which can overwrite/complicate local changes); 3) Inspect the project's ./pgyer_all.sh (and any wrapper scripts) to verify they are safe and do what you expect, especially before supplying an API_KEY for uploads; 4) Prefer running it first in a disposable clone or branch to observe behavior; 5) If you need it to operate on a different path, modify the SKILL.md or provide a safe configuration mechanism. These steps reduce risk from accidental repo state changes or unintended uploads.Like a lobster shell, security has layers — review code before you run it.
latestvk97000nx5hcdwcft3ctdk3wkj1837484
License
MIT-0
Free to use, modify, and redistribute. No attribution required.