GitCode PR comment fix
v1.0.0按 GitCode PR 检视意见修改代码。需 GITCODE_TOKEN。Use when 用户要修改 PR 检视意见。
⭐ 0· 77·0 current·0 all-time
bydo_while_true@autoxj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required env var (GITCODE_TOKEN), SKILL.md, README, and included script all target GitCode PR review workflows (fetching unresolved diff comments, optionally replying and marking discussions resolved). The resources requested (a GitCode token) are appropriate for that purpose.
Instruction Scope
SKILL.md prescribes a strict flow: fetch context JSON, present items to the user, await explicit scope confirmation, then (if confirmed) apply local code changes and optionally reply/resolve on GitCode. The provided script implements the fetch/reply/resolve API interactions; the SKILL.md intentionally places code edits under the agent/user control rather than as an automated 'apply' subcommand. The instructions explicitly forbid sending replies or resolving remote discussions without user confirmation.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a Python script that uses only the standard library. This is a low-risk delivery model (nothing written to disk by an installer).
Credentials
Only GITCODE_TOKEN is required (declared as primaryEnv). The script reads the token from the environment or a CLI flag. On Windows it includes a fallback to query system/user environment variables via a PowerShell call, which is intended to locate GITCODE_TOKEN but is the only additional system access; no other credentials or unrelated env variables are requested.
Persistence & Privilege
The skill does not request permanent/always-inclusion (always:false), does not modify other skills or system configuration, and has no install step that persists components beyond the script files. Autonomous invocation is allowed by default but is not combined with other red flags here.
Assessment
This skill appears coherent and focused on GitCode PR review workflows, but before installing or running it: (1) review the included script text yourself to confirm it behaves as stated (it uses the GitCode API and standard-library Python only); (2) only provide a GitCode token with the minimal scope needed and avoid pasting tokens into chat messages — prefer setting GITCODE_TOKEN in the environment or passing --token at runtime; (3) be aware the SKILL.md directs the agent to edit files in your repository (it requires the agent to open/modify local files after you confirm the change scope), so run it in the correct repo and ensure you have backups or version control; (4) note the script has a Windows fallback that calls PowerShell to read environment variables (this only tries to obtain GITCODE_TOKEN but is a privileged local read), so if you are uncomfortable with that behavior run on a non-Windows environment or inspect/modify the script before use; (5) rotate or revoke the token when no longer needed.Like a lobster shell, security has layers — review code before you run it.
latestvk979b9bmznqtmcdf0b3zz903x583rw0k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvGITCODE_TOKEN
Primary envGITCODE_TOKEN