tvs-pullread
v1.0.0分析远程代码变更,既能对比本地差异,也能深入解释远程变更的具体实现和业务逻辑。聚焦业务/功能层面(而非逐文件列出所有改动),帮助开发者快速理解 PR/拉取的实质内容,并可深入解读任何感兴趣的变更细节。分析后主动询问是否合并,以及是否需要协助处理冲突。
⭐ 0· 119·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description promise to analyze remote code changes and explain business/functional impact; SKILL.md only asks the agent to read diffs/commit messages and infer intent—this is coherent with the stated purpose. It does not request unrelated credentials or system access.
Instruction Scope
Instructions ask the agent to run git commands (git fetch, git diff, git log) or to request git diff output from the user. That is expected for a PR/remote-diff reviewer. The doc references reading repo files (e.g., CLAUDE.md or code structure) which is within scope. Users should note that performing these steps means the agent will read repository files and commit history (sensitive IP).
Install Mechanism
No install spec and no code files — lowest risk. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables or credentials, which matches an instruction-only reviewer. However, to actually fetch remote branches the runtime may need existing Git remote access (SSH keys/HTTP tokens) present in the user's environment; the skill does not ask for or store credentials itself.
Persistence & Privilege
disable-model-invocation is true (the skill cannot autonomously call the model), and always is false. The skill does not request persistent presence or modify other skill/system configs.
Assessment
This skill is instruction-only and appears to do only what it says: read git diffs/commit messages and summarize business-level changes. Before using it, remember: 1) the agent (or your local environment) will need read access to your repository and may run git commands — ensure you are comfortable with that access; 2) fetching remotes can require SSH keys or tokens that live in your environment (the skill won't ask for them explicitly); 3) never paste private repository content to third-party services unless you're okay sharing that code; and 4) because the skill cannot autonomously invoke the model (disable-model-invocation: true), it will only act when you run it. If you want extra assurance, run git fetch/diff yourself and paste only the minimal diff/snippets you want analyzed rather than giving full repository access.Like a lobster shell, security has layers — review code before you run it.
latestvk97amwhyb4ceh04rv3ecdrwrn5833mnc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.