Engineering Manager Intelligence — Team Performance & Project Health
v2.1.1Engineering Manager Intelligence: track team performance, engineer contributions, and project health across GitLab/GitHub + Jira/GitHub Issues. Use when aske...
⭐ 0· 265·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (team performance, contributions, Jira/GitHub/GitLab integration, delivery channels) matches the included adapters, report commands, and delivery code. The adapters expect GitLab/GitHub tokens, Jira tokens, and optional Slack/Telegram/SMTP settings — all consistent with the declared functionality.
Instruction Scope
SKILL.md and the setup wizard instruct the agent to check for a .env, run the CLI (em_intel.py) and optionally run a setup flow which opens token pages, writes a .env, installs dependencies, and runs doctor. These runtime actions access only the skill directory, prompt for tokens, and call the documented APIs; they do not instruct the agent to read unrelated system files or exfiltrate data to unknown endpoints. Note: the setup uses webbrowser.open and subprocess.run (pip, docker) which will execute on the host — expected for a CLI-style tool but worth noting.
Install Mechanism
There is no registry install spec; installation is manual. The setup wizard runs pip install -r requirements.txt and may build a Docker image. That is a standard pattern but introduces the usual risks of installing third-party Python packages and building/running containers — review requirements.txt and exercise usual caution before running pip/docker commands.
Credentials
The skill will require multiple credentials (GITLAB_TOKEN / GITHUB_TOKEN, JIRA_TOKEN/JIRA_EMAIL, and optional SMTP/SLACK/TELEGRAM credentials). Those are directly needed for the described integrations and delivery channels. Registry metadata lists no required env vars, which is a minor inconsistency; the skill expects the credentials to be supplied via a .env file created by the setup wizard. The setup persists secrets in plaintext .env under the skill directory — expected but a security consideration.
Persistence & Privilege
always:false (no forced presence). The setup wizard writes a .env file, may run pip install and docker build/run, and may create an em-intel Docker image. The skill does not modify other skills or system-wide config beyond typical dependency installation and writing its own config. These actions alter the local environment and should be run only on trusted machines.
Assessment
This skill appears to do what it says: collect data from GitHub/GitLab and Jira and produce reports. Before installing or running it: 1) Inspect requirements.txt and only install packages you trust (the setup runs pip install -r requirements.txt). 2) Prefer least-privilege tokens (read-only scopes) and separate service accounts where possible. 3) Be aware the setup writes credentials to a .env file in the skill directory (plaintext) — store it securely or use an env-file mechanism with proper filesystem protections. 4) Use the --dry-run to preview output without credentials. 5) If you must run the setup on a shared machine, consider running inside an isolated environment (Python venv or Docker) to limit side effects. Overall, the pieces are coherent with the stated purpose.Like a lobster shell, security has layers — review code before you run it.
dockervk97ffn9e494ew2jtsfrb6nev0582kdjedoravk97ffn9e494ew2jtsfrb6nev0582kdjeengineering-managervk97ffn9e494ew2jtsfrb6nev0582kdjeeod-reviewvk97099vk9g75h8mgsrtd2x7x7d82krksgithubvk97ffn9e494ew2jtsfrb6nev0582kdjegitlabvk97ffn9e494ew2jtsfrb6nev0582kdjejiravk97ffn9e494ew2jtsfrb6nev0582kdjelatestvk97ffn9e494ew2jtsfrb6nev0582kdjemorning-briefvk97ffn9e494ew2jtsfrb6nev0582kdjenewslettervk97ffn9e494ew2jtsfrb6nev0582kdjeteam-performancevk97099vk9g75h8mgsrtd2x7x7d82krks
License
MIT-0
Free to use, modify, and redistribute. No attribution required.