Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gerritaction

v0.1.0

Query Gerrit accounts, changes, groups, or projects and perform actions like adding reviewers, approving, submitting, or deleting changes via the Gerrit API.

by Jia@craftslab

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for craftslab/gerritaction.

Prompt preview: Install & Setup
Install the skill "gerritaction" (craftslab/gerritaction) from ClawHub.
Skill page: https://clawhub.ai/craftslab/gerritaction
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gerritaction

ClawHub CLI


npx clawhub@latest install gerritaction

Security Scan
VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (Gerrit queries and change actions) align with the SKILL.md: it describes queries and actions against a Gerrit API and requires a config file with Gerrit host, user, and password.
Instruction Scope
SKILL.md is specific about commands, required config fields, and when to use query-only runs vs destructive actions; it does not instruct reading unrelated files or exfiltrating data to external endpoints.
Install Mechanism
No install spec in the registry (instruction-only), but the SKILL.md repeatedly requires running `pip install gerritaction`. Installing an unvetted PyPI package is moderate risk because package provenance and contents are unknown — the skill does not provide a trusted source or checksum.
Credentials
The skill needs Gerrit credentials (user/pass in the provided config.yml) but the registry metadata declares no required credentials or primaryEnv. This mismatch (credentials required by runtime but not declared) is an incoherence that could hide risks (cleartext credentials in config.yml, unclear credential storage expectations).
Persistence & Privilege
The `always` flag is false; the skill is instruction-only and does not request elevated or persistent system privileges or modify other skills' configs.
Scan Findings in Context
[no_code_files_to_scan] expected: The provided package is instruction-only (SKILL.md + config.yml). The regex scanner had no code files to analyze, so there are no pattern matches to report.
What to consider before installing
Before installing or using this skill:

  1) Verify the origin and integrity of the Python package `gerritaction` (PyPI page, source repository, maintainer identity and recent activity).
  2) Prefer not to store plaintext credentials in a repo-tracked config.yml; use a secure vault or environment variables and confirm how the CLI accepts secrets.
  3) Run any actions in query-only mode first and test in a non-production Gerrit instance.
  4) Consider installing and running the CLI in an isolated environment (virtualenv or container) so you can inspect the installed package files.
  5) The registry metadata should declare required credentials; treat the omission as a red flag and ask the publisher for clarification or a trustworthy source before proceeding.

Static analysis finding: config.yml:7: Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.


latest: vk975cxq66xbeqgrpmwytgebh1n835c6x
196 downloads
0 stars
1 version
Updated 22h ago
v0.1.0
License: MIT-0

Gerrit Action Skill

Use the gerritaction worker to query Gerrit resources and apply actions to matching changes through the Gerrit API.

When to use

Use this skill when the user wants to:

  • query Gerrit accounts
  • query Gerrit changes
  • query Gerrit groups
  • query Gerrit projects
  • add or delete reviewers on matching changes
  • add or remove attention set members on matching changes
  • approve, submit, or delete matching changes

Worker configuration

The worker is configured by skill/config.yml:

apiVersion: v1
kind: worker
metadata:
	name: gerritaction
spec:
	gerrit:
		host: http://127.0.0.1/
		port: 8080
		user: user
		pass: pass

Required fields:

  • apiVersion: v1
  • kind: worker
  • metadata.name: gerritaction
  • spec.gerrit.host: Gerrit base URL including scheme
  • spec.gerrit.port: Gerrit port
  • spec.gerrit.user: Gerrit username
  • spec.gerrit.pass: Gerrit password
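The following is an added example and not code from the gerritaction project: it checks a loaded skill/config.yml for the required fields listed above before the CLI is invoked, and separately reports the credential-hygiene points the security scan raises (plain-http host, the template password left in place, a config file readable by other users). The config is embedded as the dict that PyYAML's yaml.safe_load() would return for the file shown above, constructed inline so the example runs without PyYAML; the function names are this example's own.

```python
# Added example, not part of the gerritaction project. Validates the loaded
# skill/config.yml shape and reports credential-hygiene warnings.
import os
import stat
from urllib.parse import urlparse

# Constructed sample: the template config from the skill page, as loaded YAML.
SAMPLE_CONFIG = {
    "apiVersion": "v1",
    "kind": "worker",
    "metadata": {"name": "gerritaction"},
    "spec": {
        "gerrit": {"host": "http://127.0.0.1/", "port": 8080, "user": "user", "pass": "pass"}
    },
}


def _gerrit_section(cfg: dict) -> dict:
    """Return spec.gerrit as a dict, or an empty dict when the path is missing or malformed."""
    spec = cfg.get("spec") if isinstance(cfg.get("spec"), dict) else {}
    gerrit = spec.get("gerrit")
    return gerrit if isinstance(gerrit, dict) else {}


def validate_config(cfg: dict) -> list:
    """Return required-field violations; an empty list means the config is usable."""
    problems = []
    if cfg.get("apiVersion") != "v1":
        problems.append("apiVersion must be v1")
    if cfg.get("kind") != "worker":
        problems.append("kind must be worker")
    metadata = cfg.get("metadata") if isinstance(cfg.get("metadata"), dict) else {}
    if metadata.get("name") != "gerritaction":
        problems.append("metadata.name must be gerritaction")
    gerrit = _gerrit_section(cfg)
    host = gerrit.get("host")
    parsed = urlparse(host) if isinstance(host, str) else None
    if parsed is None or parsed.scheme not in ("http", "https") or not parsed.netloc:
        problems.append("spec.gerrit.host must be a base URL including http:// or https://")
    port = gerrit.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("spec.gerrit.port must be an integer between 1 and 65535")
    for key in ("user", "pass"):
        if not isinstance(gerrit.get(key), str) or not gerrit.get(key):
            problems.append(f"spec.gerrit.{key} is required")
    return problems


def credential_warnings(cfg: dict) -> list:
    """Hygiene warnings that do not stop a run but should be surfaced to the operator."""
    warnings = []
    gerrit = _gerrit_section(cfg)
    host = gerrit.get("host")
    if isinstance(host, str) and urlparse(host).scheme == "http":
        warnings.append("host uses plain http; the Gerrit password crosses the network unencrypted")
    if gerrit.get("pass") == "pass":
        warnings.append("pass is still the template placeholder")
    return warnings


def mode_too_open(mode: int) -> bool:
    """True when a credential file's POSIX mode grants group or other access."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def config_file_warnings(path: str) -> list:
    """Permission warning for the on-disk config file (POSIX mode bits)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode_too_open(mode):
        return [f"{path} is accessible to other users (mode {mode:o}); restrict it with chmod 600"]
    return []


if __name__ == "__main__":
    for line in validate_config(SAMPLE_CONFIG) or ["required fields: ok"]:
        print(line)
    for line in credential_warnings(SAMPLE_CONFIG):
        print("warning:", line)
```

Run it on the template config and the required-field check passes while both hygiene warnings fire, which is exactly the state the scan's Credentials finding describes.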

Invocation rules

  • Install the package with pip install gerritaction before running commands.
  • Invoke the CLI as gerritaction instead of python action.py.
  • Always provide --config-file with a .yml or .yaml file.
  • Provide exactly one query selector: --account-query, --change-query, --group-query, or --project-query.
  • Only use --change-action together with --change-query in the same invocation.
  • Use --output-file only for a new .json file path. The command rejects an existing file.
  • If --output-file is omitted, query results are printed to standard output as JSON.

Supported queries

Account query

Use --account-query to search accounts.

Example:

pip install gerritaction
gerritaction --config-file="skill/config.yml" --account-query="name:john email:example.com"

Change query

Use --change-query to search changes.

Example:

pip install gerritaction
gerritaction --config-file="skill/config.yml" --change-query="status:open since:2024-01-01 until:2024-01-02"

Group query

Use --group-query to search groups.

Example:

pip install gerritaction
gerritaction --config-file="skill/config.yml" --group-query="name:admin member:john"

Project query

Use --project-query to search projects. Project results are enriched with project config, branches, and tags.

Example:

pip install gerritaction
gerritaction --config-file="skill/config.yml" --project-query="name:test state:active"

Supported change actions

The worker supports these change actions:

  • add-reviewer:account-id[,account-id...]
  • delete-reviewer:account-id[,account-id...]
  • add-attention:account-id[,account-id...]
  • remove-attention:account-id[,account-id...]
  • approve-change:Label=Value[,Label=Value...]
  • delete-change
  • submit-change

Multiple actions can be chained in one --change-action value, separated by spaces.

Example:

pip install gerritaction
gerritaction \
	--config-file="skill/config.yml" \
	--change-query="status:open project:test" \
	--change-action="add-reviewer:1001,1002 approve-change:Code-Review=+2"

Output handling

  • Use --output-file when the caller needs a persistent JSON artifact.
  • Account, change, group, and project queries return JSON.
  • Change actions operate on the changes returned by --change-query.

Example:

pip install gerritaction
gerritaction \
	--config-file="skill/config.yml" \
	--project-query="name:test state:active" \
	--output-file="/tmp/projects.json"

Safety guidance

  • Prefer a query-only run before destructive or state-changing actions.
  • Before delete-change or submit-change, make sure the change query is narrow and explicit.
  • If the user request is ambiguous, ask for the exact Gerrit query or target account IDs before generating the final command.

Recommended behavior for the agent

  • Generate commands that match the repository CLI exactly.
  • Keep queries and actions explicit rather than inferred.
  • When performing change actions, include both --change-query and --change-action in the same command.
  • When the user asks for structured output, add --output-file with a new .json path.
  • Surface invalid combinations early, especially a --change-action without --change-query.
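As an added example that is not part of the gerritaction project, the block below turns the invocation rules, the change-action grammar, and the invalid-combination checks asked for in the safety guidance and agent-behavior lists into code: it builds a gerritaction argv only when exactly one query selector is given, refuses --change-action without --change-query, requires --output-file to be a new .json path, parses a space-separated --change-action value, and names the destructive actions it contains. One assumption beyond the page: account IDs are treated as numeric, as in the page's "1001,1002"; all function names are this example's own.

```python
# Added example, not part of the gerritaction project. Enforces the SKILL.md
# invocation rules and validates the --change-action grammar before a run.
import os
import re
import shlex
from typing import Optional

QUERY_FLAGS = ("--account-query", "--change-query", "--group-query", "--project-query")
ACTIONS_WITH_IDS = {"add-reviewer", "delete-reviewer", "add-attention", "remove-attention"}
ACTIONS_WITH_LABELS = {"approve-change"}
BARE_ACTIONS = {"delete-change", "submit-change"}
# State-changing actions the SKILL.md says need a narrow, explicit query first.
DESTRUCTIVE_ACTIONS = {"delete-change", "submit-change"}

_ACCOUNT_ID = re.compile(r"\d+")          # assumption: numeric account IDs
_LABEL_VALUE = re.compile(r"[A-Za-z][\w-]*=[+-]?\d+")  # e.g. Code-Review=+2


def parse_change_actions(value: str) -> list:
    """Parse a space-separated --change-action value into (action, args) pairs."""
    parsed = []
    for token in value.split():
        name, sep, arg = token.partition(":")
        if name in ACTIONS_WITH_IDS:
            ids = arg.split(",") if sep else []
            if not ids or not all(_ACCOUNT_ID.fullmatch(i) for i in ids):
                raise ValueError(f"{name} needs a comma-separated list of account IDs: {token!r}")
            parsed.append((name, [int(i) for i in ids]))
        elif name in ACTIONS_WITH_LABELS:
            pairs = arg.split(",") if sep else []
            if not pairs or not all(_LABEL_VALUE.fullmatch(p) for p in pairs):
                raise ValueError(f"{name} needs Label=Value pairs: {token!r}")
            parsed.append((name, [tuple(p.split("=", 1)) for p in pairs]))
        elif name in BARE_ACTIONS:
            if sep:
                raise ValueError(f"{name} takes no argument: {token!r}")
            parsed.append((name, []))
        else:
            raise ValueError(f"unknown change action {name!r}")
    return parsed


def destructive_actions(value: str) -> set:
    """Names of destructive actions present in a --change-action value."""
    return {name for name, _ in parse_change_actions(value)} & DESTRUCTIVE_ACTIONS


def build_command(config_file: str, selectors: dict,
                  change_action: Optional[str] = None,
                  output_file: Optional[str] = None) -> list:
    """Return argv for gerritaction, raising ValueError on any rule violation."""
    if not config_file.endswith((".yml", ".yaml")):
        raise ValueError("--config-file must point to a .yml or .yaml file")
    unknown = sorted(set(selectors) - set(QUERY_FLAGS))
    if unknown:
        raise ValueError(f"unknown query selector(s): {unknown}")
    if len(selectors) != 1:
        raise ValueError("provide exactly one query selector")
    ((flag, query),) = selectors.items()
    argv = ["gerritaction", f"--config-file={config_file}", f"{flag}={query}"]
    if change_action is not None:
        if flag != "--change-query":
            raise ValueError("--change-action requires --change-query in the same invocation")
        parse_change_actions(change_action)  # reject bad grammar before anything runs
        argv.append(f"--change-action={change_action}")
    if output_file is not None:
        if not output_file.endswith(".json"):
            raise ValueError("--output-file must be a new .json path")
        if os.path.exists(output_file):
            raise ValueError(f"--output-file already exists: {output_file}")
        argv.append(f"--output-file={output_file}")
    return argv


def invocation_error(*args, **kwargs) -> Optional[str]:
    """The rule violated by these arguments, or None when the command is valid."""
    try:
        build_command(*args, **kwargs)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    cmd = build_command("skill/config.yml", {"--change-query": "status:open project:test"},
                        change_action="add-reviewer:1001,1002 approve-change:Code-Review=+2")
    print(shlex.join(cmd))
    print(invocation_error("skill/config.yml", {"--project-query": "name:test"},
                           change_action="submit-change"))
```

An agent that runs destructive_actions() on the requested --change-action value before generating the command can insist on the query-only run first whenever the result is non-empty, which is the order the safety guidance prescribes.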
