Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GitVerse API

GitVerse API integration for working with repositories, issues, and pull requests. Use when Codex needs to interact with GitVerse (gitverse.ru) for operation...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Vasiliy @webchi
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and documentation implement a GitVerse API client (repos, issues, pulls) consistent with the name/description. However, the registry metadata lists no required environment variables or primary credential, while the SKILL.md and runtime code clearly require GITVERSE_TOKEN (and optionally GITVERSE_BASE_URL). That metadata omission is an incoherence the user should be aware of.
Instruction Scope
SKILL.md instructs building and running the CLI and setting GITVERSE_TOKEN (or .env). The runtime instructions do not ask the agent to read unrelated system files or exfiltrate data. Two small inconsistencies: SKILL.md/README note the API base URL as https://api.gitverse.ru while the code default is 'https://gitverse.ru/api/v1'; and installation examples hard-code a specific Node path (~/.nvm/versions/node/v22.12.0/...), which is brittle but not malicious.
Install Mechanism
This skill is instruction-only in the registry but includes source and built JS and uses standard npm dependencies (@onreza/gitverse-sdk, commander, dotenv). Dependencies are pulled from the public npm registry (package-lock shows resolved tgz). No obscure download URLs, extract steps, or custom installers were observed.
Credentials
The code requires a secret token (GITVERSE_TOKEN) and accepts an optional GITVERSE_BASE_URL. Those are reasonable for an API client, but the skill metadata omits them. The mismatch means automated permission checks could miss that a secret is required. You should verify what token scopes are needed and avoid reusing broader credentials.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and has no install-time steps that alter system-wide settings beyond typical npm install/build. It runs as a CLI using the provided token.
What to consider before installing
This skill's code matches its description (it calls the GitVerse API and outputs JSON), but the registry metadata failed to declare the required environment variables (GITVERSE_TOKEN, optional GITVERSE_BASE_URL). Before installing:
  1) Confirm the skill's source/trustworthiness (the registry lists 'Source: unknown' though README points at gitverse.ru); prefer installing from an official ClawHub entry or a vetted repo.
  2) Create a token limited to the minimum scopes needed (do not reuse general-purpose or high-privilege credentials).
  3) Review the npm dependency @onreza/gitverse-sdk on npm (and its recent history) if you rely on it.
  4) Consider installing/building in an isolated environment or container and verify the CLI behavior with a test token.
If you cannot verify the source or token scope, treat this skill as untrusted.
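
The metadata gap this report describes can be checked mechanically before a skill is installed. The sketch below is an added example, not ClawHub's scanner or the skill's own code; the `requiredEnv` metadata field and the sample source text are assumptions constructed for illustration.

```javascript
// Added example: list the environment variables a skill's source reads and
// compare them with what its registry metadata declares.
// Assumption: metadata is shaped like { requiredEnv: [...] } (hypothetical, not ClawHub's schema).

// Matches process.env.NAME, process.env['NAME'] and process.env["NAME"].
const ENV_REF = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*['"]([^'"]+)['"]\s*\])/g;

// Returns Map<variable name, Set<file names that read it>>.
function referencedEnvVars(sources) {
  const found = new Map();
  for (const [file, text] of Object.entries(sources)) {
    for (const m of text.matchAll(ENV_REF)) {
      const name = m[1] || m[2];
      if (!found.has(name)) found.set(name, new Set());
      found.get(name).add(file);
    }
  }
  return found;
}

// undeclared: read by the code but missing from metadata (the finding above).
// unused: declared but never read. secretLike: undeclared names that look like credentials.
function auditDeclaredEnv(metadata, sources) {
  const declared = new Set(metadata.requiredEnv || []);
  const used = referencedEnvVars(sources);
  const undeclared = [...used.keys()].filter((n) => !declared.has(n)).sort();
  const unused = [...declared].filter((n) => !used.has(n)).sort();
  const secretLike = undeclared.filter((n) => /TOKEN|SECRET|KEY|PASSWORD/i.test(n));
  return { undeclared, unused, secretLike };
}

// Constructed sample input modelled on the report (not the skill's real files).
const sampleMetadata = { requiredEnv: [] };
const sampleSources = {
  "src/client.js": `
    const token = process.env.GITVERSE_TOKEN;
    const baseUrl = process.env["GITVERSE_BASE_URL"] || "https://gitverse.ru/api/v1";
    if (!token) throw new Error("GITVERSE_TOKEN is required");
  `,
};

const report = auditDeclaredEnv(sampleMetadata, sampleSources);
console.log(JSON.stringify(report, null, 2));
```

A non-empty `secretLike` list is the case to block on: the skill needs a credential that permission checks reading only the metadata would never see.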

Current version: v1.0.0

SKILL.md

GitVerse Skill

OpenClaw skill for GitVerse API integration.

When to Use

Use this skill when you need to:

  • List or view repositories
  • List or view issues
  • List, view, or create pull requests
  • View repository information

Installation

cd ~/.nvm/versions/node/v22.12.0/lib/node_modules/openclaw/skills/gitverse
npm install
npm run build

Configuration

Set the environment variable:

export GITVERSE_TOKEN=your_token_here

Or create a .env file in the skill directory:

GITVERSE_TOKEN=your_token_here

Usage

Run commands via node:

node ~/.nvm/versions/node/v22.12.0/lib/node_modules/openclaw/skills/gitverse/dist/index.js <command>

Commands

Repositories

# List your repositories
node dist/index.js repos list

# List organization repositories
node dist/index.js repos list --org <org>

# Get repository info
node dist/index.js repos info --owner <owner> --repo <repo>

Issues

# List issues
node dist/index.js issues list --owner <owner> --repo <repo>
node dist/index.js issues list --owner <owner> --repo <repo> --state open

# View issue
node dist/index.js issues view --owner <owner> --repo <repo> --number <number>

# List issue comments
node dist/index.js issues comments --owner <owner> --repo <repo> --number <number>

Pull Requests

# List pull requests
node dist/index.js pulls list --owner <owner> --repo <repo>
node dist/index.js pulls list --owner <owner> --repo <repo> --state open

# View pull request
node dist/index.js pulls view --owner <owner> --repo <repo> --number <number>

# Create pull request
node dist/index.js pulls create --owner <owner> --repo <repo> --title "Title" --head feature --base main

# List PR commits
node dist/index.js pulls commits --owner <owner> --repo <repo> --number <number>

# List PR files
node dist/index.js pulls files --owner <owner> --repo <repo> --number <number>

Usage with OpenClaw

When you ask me to work with GitVerse, I will use this skill:

"Show my repositories"
→ node dist/index.js repos list

"Show issues in saic/ai_minister"
→ node dist/index.js issues list --owner saic --repo ai_minister

"Create a PR in saic/chatbot"
→ node dist/index.js pulls create --owner saic --repo chatbot --title "..." --head feature --base main

Notes

  • Requires GITVERSE_TOKEN environment variable
  • API base URL: https://api.gitverse.ru
  • Rate limits are handled by the SDK
  • All commands output JSON

Publishing to ClawHub

This skill is published on ClawHub.

To install:

clawhub install gitverse

Repository

Source code available on GitVerse.

License

MIT-0
