Atomgit Powershell
v3.0.1AtomGit (GitCode) 代码托管平台集成 - PowerShell 版本。完整支持 PR 审查、批准、合并、仓库管理、Issues 管理。特色功能:批量并行处理 (性能提升 80%)、CI 流水线检查、仓库协作管理。跨平台:Windows/Linux/macOS。
⭐ 1· 96·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (AtomGit PowerShell integration) align with required binary (powershell) and the single required env var (ATOMGIT_TOKEN). The provided scripts implement PR, issue, CI-check and collaborator operations against api.atomgit.com which matches the declared purpose.
Instruction Scope
SKILL.md tells the agent to restore .ps1 file extensions, load the included PowerShell scripts, and set ATOMGIT_TOKEN (env or config). Those instructions operate only within the skill workspace and call the AtomGit API. Minor inconsistencies: SKILL.md uses path 'atomgit-ps' in one place while other metadata/paths use 'atomgit-powershell' (double-check install path). The scripts read ~/.openclaw/openclaw.json and ~/.openclaw/config/atomgit.json for tokens—this is expected for credentials but you should inspect those files before use.
Install Mechanism
No install spec (instruction-only). The skill includes PowerShell script files (.ps1.txt) the user is instructed to rename and load. No external downloads or archive extraction occur as part of the skill itself.
Credentials
Only ATOMGIT_TOKEN is required and is used for Authorization to the AtomGit API. The scripts also optionally read local OpenClaw config files (~/.openclaw/*) to obtain the token; this is proportionate to the goal of authenticating API calls. No unrelated credentials or extra secrets are requested.
Persistence & Privilege
Skill does not declare always:true and is user-invocable. It modifies files only in its own workspace (renaming .ps1.txt to .ps1) which matches the declared fileAccess: workspace. It does not request system-wide privileges or modify other skills.
Scan Findings in Context
[no_regex_matches] expected: The repository included only instruction and PowerShell script files; the earlier regex-based scanner reported nothing to flag. That absence of findings does not guarantee safety—manual inspection of the scripts (included here) shows no obvious exfiltration or hidden endpoints beyond api.atomgit.com.
Assessment
This skill appears internally coherent for AtomGit/GitCode operations via PowerShell. Before using it, do the following: (1) Inspect the included .ps1 files yourself (they are bundled as .ps1.txt) to confirm there are no unexpected network endpoints or commands. (2) Verify the install path (SKILL.md sometimes references 'atomgit-ps' vs 'atomgit-powershell') before running rename commands. (3) Restrict the ATOMGIT_TOKEN to least privilege needed (use a token scope limited to repository operations). (4) Keep the token out of logs — the scripts claim to mask tokens but confirm behavior in your environment. (5) Run first in an isolated/sandbox environment if possible, especially when using the parallel batch functions. If you need higher assurance, request a signed or authoritative upstream source (origin of the skill is unknown) or compare the scripts to an official AtomGit client implementation.Like a lobster shell, security has layers — review code before you run it.
latestvk972yzz41j7ymse42bttn2adk983qn6r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔗 Clawdis
OSWindows · Linux · macOS
Binspowershell
EnvATOMGIT_TOKEN