Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

repo-scout

v1.0.0

Discover, evaluate, and rank GitHub repositories in any ecosystem or domain. Produces a structured ranking document with star counts, languages, issue health...

by Bijin (@sliverp)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sliverp/repo-scout.

Prompt preview (Install & Setup):
Install the skill "repo-scout" (sliverp/repo-scout) from ClawHub.
Skill page: https://clawhub.ai/sliverp/repo-scout
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install repo-scout

ClawHub CLI


npx clawhub@latest install repo-scout

Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The SKILL.md explicitly requires an authenticated GitHub CLI (gh) and suggests providing a GH_TOKEN; however, the registry metadata declares no required binaries, no required environment variables, and no primary credential. That is an internal inconsistency: a GitHub token and gh binary are legitimate for the skill's purpose, but they should be declared by the manifest.
Instruction Scope
Instructions stay within the stated purpose: searching GitHub, inspecting repo files (CONTRIBUTING.md, .github/workflows), running gh issue commands, and writing a ranking markdown into the workspace. They do ask the user to provide or export a GH_TOKEN and GitHub username if CLI auth is not present. There are no instructions to read unrelated local files or exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is low-risk from an installation payload perspective.
Credentials (flagged)
The runtime needs a GitHub token (GH_TOKEN) and an authenticated gh CLI to avoid rate limits and access private data, but the manifest did not declare these environment or credential requirements. Requesting a token is proportional to the functionality, but the undeclared credential is a transparency/manifest issue and increases risk if users supply a token with overly broad scopes.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills, and only writes an output file to the workspace as described. Autonomous invocation is allowed by default but not combined with other privilege red flags here.
What to consider before installing

What to consider before installing and running repo-scout:

  • The SKILL.md asks you to use an authenticated GitHub CLI or provide a GH_TOKEN; the skill manifest did not declare this. Treat that as a manifest bug and exercise caution.
  • Only provide a GitHub token with the minimal scopes needed (read-only repo access, or a fine-grained token scoped to public repositories). Do NOT supply a full org-admin or write-scoped token.
  • Prefer authenticating gh locally (gh auth login) rather than pasting a token into a UI or environment that you don't control. If you must export GH_TOKEN, do so in a temporary shell and revoke the token after use.
  • Review the generated {workspace}/ecosystem-top{N}.md before using it in downstream workflows. The skill will run gh and fetch repo files; verify the output for sensitive information before sharing it.
  • Ask the skill author or registry maintainer to update the manifest to declare the required binary (gh) and required environment variable (GH_TOKEN) so the platform can surface the requirement transparently.
  • Because this is instruction-only (no install code), the immediate code risk is low; the undeclared credential requirement is the main concern. If you need higher assurance, ask the author for an explicit list of required gh scopes and for confirmation that the skill will not transmit the token elsewhere.
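The token-hygiene points above are easy to state and easy to get wrong in practice. The following Python helpers are an added example, not part of the ClawHub scan output or of the repo-scout skill, showing how a wrapper that invokes gh on the skill's behalf can enforce them: classify a token by its documented prefix, refuse classic PATs by default, vet a classic token's scopes from the X-OAuth-Scopes header that gh api -i /user returns for it, and hand gh a minimal environment so the token is never exported into the operator's shell. The SAMPLE_HEADERS block is constructed; the token strings in the tests are placeholders, not real credentials; and run_gh needs the gh binary and network access, so it is shown but not exercised offline.

```python
"""Token hygiene before handing a GitHub token to an agent skill that runs gh.

Added example; not part of repo-scout. Assumes GitHub's documented token
prefixes and the X-OAuth-Scopes header that classic tokens get back from
`gh api -i /user`. Fine-grained tokens do not report scopes in that header.
"""
import os
import subprocess
from typing import Dict, List, Set

# Token formats GitHub issues, keyed by prefix.
TOKEN_KINDS = {
    "github_pat_": "fine-grained",  # repo-scoped PAT with explicit permissions
    "ghp_": "classic",              # coarse scopes; often far broader than needed
    "gho_": "oauth",                # issued by `gh auth login` device flow
    "ghs_": "installation",         # GitHub App installation token
}

# Classic-token scopes that grant write or admin access. A read-only
# discovery task like repo-scout should never be given any of these.
WRITE_SCOPES: Set[str] = {
    "repo", "public_repo", "workflow", "write:org", "admin:org",
    "admin:repo_hook", "delete_repo", "write:packages", "delete:packages",
    "admin:public_key", "admin:gpg_key",
}

# Constructed sample of the headers `gh api -i /user` prints for a classic
# token (only the lines relevant here are included).
SAMPLE_HEADERS = """HTTP/2.0 200 OK
Content-Type: application/json; charset=utf-8
X-Oauth-Scopes: repo, read:org
X-Accepted-Oauth-Scopes:
X-Ratelimit-Limit: 5000
"""


def classify_token(token: str) -> str:
    """Return the token family implied by its prefix, or 'unknown'."""
    for prefix, kind in TOKEN_KINDS.items():
        if token.startswith(prefix):
            return kind
    return "unknown"


def parse_oauth_scopes(raw_headers: str) -> str:
    """Pull the X-OAuth-Scopes value out of raw HTTP headers (case-insensitive)."""
    for line in raw_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-oauth-scopes":
            return value.strip()
    return ""


def risky_scopes(scope_header: str) -> Set[str]:
    """Scopes in a classic token's X-OAuth-Scopes value that exceed read access."""
    scopes = {s.strip() for s in scope_header.split(",") if s.strip()}
    return scopes & WRITE_SCOPES


def vet_classic_token_scopes(raw_headers: str) -> Set[str]:
    """Scopes that should cause a classic token to be rejected (empty = acceptable)."""
    return risky_scopes(parse_oauth_scopes(raw_headers))


def build_gh_env(token: str, allow_classic: bool = False) -> Dict[str, str]:
    """Minimal environment for one gh subprocess.

    Only the token and what gh needs to run are passed: nothing else from the
    parent environment leaks to the child, and GH_TOKEN is never exported in
    the caller's shell. Classic PATs are refused unless explicitly allowed.
    """
    kind = classify_token(token)
    if kind == "unknown":
        raise ValueError("unrecognised GitHub token format")
    if kind == "classic" and not allow_classic:
        raise ValueError("classic PAT refused; use a fine-grained read-only token")
    return {
        "GH_TOKEN": token,
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "HOME": os.environ.get("HOME", "/tmp"),
        "GH_PROMPT_DISABLED": "1",     # never block on an interactive prompt
        "GH_NO_UPDATE_NOTIFIER": "1",
    }


def run_gh(args: List[str], token: str, timeout: int = 60) -> str:
    """Run a single gh command with the minimal environment and return stdout.

    Requires the gh binary and network access; not exercised offline.
    """
    proc = subprocess.run(
        ["gh", *args], env=build_gh_env(token), capture_output=True,
        text=True, timeout=timeout, check=True,
    )
    return proc.stdout
```

Revocation after the run is still a manual step: nothing here extends a token's lifetime, but nothing shortens it either, so pair this wrapper with a fine-grained token whose expiry is set to the day of use.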


Latest version ID: vk97bbby7155smr0ze047sx4hxn83gvha
108 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

Repo Scout — Repository Discovery & Ranking

Overview

Systematically discover and rank GitHub repositories in a given ecosystem. Produces a structured, actionable ranking document.

Use cases: Open-source contribution targeting, technology landscape surveys, competitive analysis, ecosystem exploration.

Prerequisites

Before starting, the user must have GitHub CLI authenticated:

gh auth status   # Must show "Logged in"

If not configured, ask the user to provide:

  1. GitHub username — for searching and attribution
  2. GitHub token — run gh auth login or set export GH_TOKEN=<token>

Without auth, gh API calls will hit rate limits quickly and private repo data won't be accessible. Note that the workflow below only needs read access to the repositories being ranked, so a read-only token (fine-grained, scoped to public repositories where that is all you are surveying) is sufficient.

Workflow

Step 1: Define Scope

Ask the user for (with sensible defaults):

| Parameter | Default | Example |
|-----------|---------|---------|
| Ecosystem keyword(s) | (required) | "AI agent", "LLM tools", "Kubernetes" |
| Target count | 15 | top 15 by stars |
| Minimum stars | 5,000 | Filter out small repos |
| Language filter | (any) | Python, TypeScript |
| Additional criteria | (none) | "must have bug label issues" |

Step 2: Search & Collect

Use multiple search strategies to find candidates:

Search strategies:
1. GitHub search: "{keyword}" sorted by stars
2. "awesome-{keyword}" curated lists
3. GitHub trending in the domain
4. Web search for "{keyword} top open-source projects {year}"

For each candidate repository, collect:

| Data Point | How to Get |
|------------|------------|
| Star count | GitHub API / web |
| Primary language | GitHub API |
| Last commit date | GitHub API |
| Open issue count | GitHub API |
| Bug-labeled issues | `gh issue list --label bug --state open --limit 5` |
| good first issue count | GitHub search |
| CONTRIBUTING.md exists? | Check repo root |
| CI configured? | Check .github/workflows/ |
| PR template exists? | Check .github/PULL_REQUEST_TEMPLATE.md |
| License | GitHub API |

Step 3: Score & Rank

Score each repository on a contribution friendliness scale:

| Factor | Weight | Scoring |
|--------|--------|---------|
| Actionable bug issues | 30% | 3=many clear bugs, 1=none |
| Activity (recent commits) | 20% | 3=daily, 2=weekly, 1=monthly+ |
| Contribution docs | 15% | 3=CONTRIBUTING+template, 2=partial, 1=none |
| CI/CD health | 15% | 3=green CI, 2=partial, 1=none |
| Community size (stars) | 10% | 3=>50K, 2=>10K, 1=>5K |
| Response time to PRs | 10% | 3=<3d, 2=<7d, 1=>7d |

Step 4: Filter Out

Mark repositories to skip if:

  • Non-code repo (awesome-lists, documentation-only, resource collections)
  • Desktop/mobile UI bugs requiring hardware access
  • No actionable bug issues (only feature requests or stale issues)
  • Archived or unmaintained (no commits in 6+ months)
  • Hostile contribution environment (PRs routinely ignored)

Step 5: Produce Ranking Document

Write {workspace}/ecosystem-top{N}.md:

# {Ecosystem} — Top {N} Repositories

> Generated: {date}
> Keywords: {keywords}
> Minimum stars: {min_stars}

## Rankings

| Rank | Repository | Stars | Language | Open Bugs | Score | Notes |
|------|-----------|-------|----------|-----------|-------|-------|
| 1 | owner/repo | 45.2K | Python | 12 | 8.5/10 | Active, good docs |
| 2 | ... | ... | ... | ... | ... | ... |

## Skipped Repositories

| Repository | Reason |
|-----------|--------|
| owner/repo | Non-code (awesome-list) |

## Detailed Profiles

### 1. owner/repo (45.2K ⭐)
- **Language**: Python
- **Last commit**: 2 days ago
- **Open issues**: 234 (12 labeled `bug`)
- **CONTRIBUTING.md**: ✅
- **CI**: ✅ GitHub Actions
- **Score breakdown**: Activity 3/3, Bugs 3/3, Docs 2/3, CI 3/3, Community 2/3, Response 2/3
- **Notes**: Very active, welcoming community
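Steps 3 to 5 describe one pipeline: map collected data points onto the 1-3 scales, apply the Step 4 filters, compute the weighted score, and write the ranking document. The Python below is an added example of that pipeline, not repo-scout's own code (the skill is instruction-only and ships none). The weights and scales are taken from the scoring table; everything the table leaves open is an assumption and is marked as such in the code: the bug-count thresholds behind the 30% factor, 183 days as the cutoff for "6+ months", and normalising the weighted 1-3 result onto the 0-10 scale the template shows. The repositories in SAMPLE_REPOS are constructed, as is the fixed report date.

```python
"""Score, filter and rank candidate repositories per the Repo Scout workflow.

Added example; not repo-scout's own code. Weights and 1-3 scales follow the
skill's scoring table. Assumed (the skill does not say): bug-count
thresholds for the 30% factor, 183 days for "6+ months", and normalising the
weighted 1-3 score to the 0-10 scale used in the template.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

WEIGHTS: Dict[str, float] = {
    "bugs": 0.30, "activity": 0.20, "docs": 0.15,
    "ci": 0.15, "community": 0.10, "response": 0.10,
}


@dataclass
class Repo:
    name: str
    stars: int
    language: str
    last_commit: date
    open_issues: int
    bug_issues: int            # open issues labelled `bug` judged actionable
    has_contributing: bool
    has_pr_template: bool
    ci_status: str             # "green", "partial" or "none"
    pr_response_days: float    # typical days until a maintainer responds
    archived: bool = False
    is_code: bool = True       # False for awesome-lists / docs-only repos


def skip_reason(repo: Repo, today: date) -> Optional[str]:
    """Step 4 filters; None means the repo stays in the ranking."""
    if not repo.is_code:
        return "Non-code (awesome-list or docs-only)"
    if repo.archived:
        return "Archived"
    if today - repo.last_commit > timedelta(days=183):   # assumed cutoff
        return "Unmaintained (no commits in 6+ months)"
    if repo.bug_issues == 0:
        return "No actionable bug issues"
    return None


def factor_scores(repo: Repo, today: date) -> Dict[str, int]:
    """Map raw data points onto the 1-3 scale from the scoring table."""
    days = (today - repo.last_commit).days
    docs = int(repo.has_contributing) + int(repo.has_pr_template)
    return {
        "bugs": 3 if repo.bug_issues >= 10 else 2 if repo.bug_issues >= 3 else 1,  # assumed thresholds
        "activity": 3 if days <= 1 else 2 if days <= 7 else 1,
        "docs": {2: 3, 1: 2}.get(docs, 1),
        "ci": {"green": 3, "partial": 2}.get(repo.ci_status, 1),
        "community": 3 if repo.stars > 50_000 else 2 if repo.stars > 10_000 else 1,
        "response": 3 if repo.pr_response_days < 3 else 2 if repo.pr_response_days < 7 else 1,
    }


def weighted_score(scores: Dict[str, int]) -> float:
    raw = sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)   # 1.0 .. 3.0
    return round(raw / 3 * 10, 1)                         # assumed 0-10 normalisation


def rank(repos: List[Repo], today: date, min_stars: int = 5_000):
    ranked: List[Tuple[Repo, Dict[str, int], float]] = []
    skipped: List[Tuple[str, str]] = []
    for repo in repos:
        if repo.stars < min_stars:
            skipped.append((repo.name, f"Below minimum stars ({min_stars:,})"))
            continue
        reason = skip_reason(repo, today)
        if reason:
            skipped.append((repo.name, reason))
            continue
        scores = factor_scores(repo, today)
        ranked.append((repo, scores, weighted_score(scores)))
    ranked.sort(key=lambda t: (-t[2], -t[0].stars))       # score, then stars as tiebreak
    return ranked, skipped


def fmt_stars(n: int) -> str:
    return f"{n / 1000:.1f}K" if n >= 1000 else str(n)


def render(ecosystem: str, keywords: str, min_stars: int, ranked, skipped, today: date) -> str:
    """Produce the ecosystem-top{N}.md body in the template's layout."""
    out = [f"# {ecosystem} — Top {len(ranked)} Repositories", "",
           f"> Generated: {today.isoformat()}", f"> Keywords: {keywords}",
           f"> Minimum stars: {min_stars:,}", "", "## Rankings", "",
           "| Rank | Repository | Stars | Language | Open Bugs | Score | Notes |",
           "|------|-----------|-------|----------|-----------|-------|-------|"]
    for i, (r, s, score) in enumerate(ranked, 1):
        notes = f"CI {r.ci_status}, PR response ~{r.pr_response_days:g}d"
        out.append(f"| {i} | {r.name} | {fmt_stars(r.stars)} | {r.language} | "
                   f"{r.bug_issues} | {score}/10 | {notes} |")
    out += ["", "## Skipped Repositories", "", "| Repository | Reason |", "|-----------|--------|"]
    out += [f"| {name} | {reason} |" for name, reason in skipped]
    return "\n".join(out) + "\n"


# Constructed sample input; names and numbers are invented for illustration.
TODAY = date(2025, 1, 15)
SAMPLE_REPOS = [
    Repo("acme/agent-kit", 45_200, "Python", TODAY - timedelta(days=2), 234, 12, True, False, "green", 5),
    Repo("acme/fast-llm", 72_000, "TypeScript", TODAY, 410, 4, True, True, "partial", 2),
    Repo("acme/awesome-agents", 60_000, "Markdown", TODAY - timedelta(days=1), 3, 0, False, False, "none", 1, is_code=False),
    Repo("acme/old-runtime", 8_000, "Go", TODAY - timedelta(days=300), 50, 7, True, True, "green", 30),
    Repo("acme/tiny-tool", 1_200, "Rust", TODAY, 5, 2, False, False, "green", 1),
]


def build_report(repos: List[Repo] = SAMPLE_REPOS, today: date = TODAY) -> str:
    ranked, skipped = rank(repos, today)
    return render("AI agents", "AI agent, LLM tools", 5_000, ranked, skipped, today)


if __name__ == "__main__":
    print(build_report())
```

The skip reasons are recorded rather than silently dropped so the "Skipped Repositories" table in the output explains every omission; that is also where to look when a repository you expected to see is missing because its token-visible data (for example a private repo the token cannot read) came back empty.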

Output

  • {workspace}/ecosystem-top{N}.md — Structured ranking document ready for downstream use

Tips

  • When used as part of a contribution campaign, the output feeds directly into the issue-hunter skill for issue analysis.
  • For technology evaluation, the ranking + detailed profiles are the final deliverable.
  • Re-run periodically to catch ecosystem changes.
