ClawHub

Repomix

v1.0.1

Pack and analyze codebases into AI-friendly single files using Repomix. Use when the user wants to explore repositories, analyze code structure, find pattern...

0· 161·0 current·0 all-time
by@yamadashy

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yamadashy/repomix.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Repomix" (yamadashy/repomix) from ClawHub.
Skill page: https://clawhub.ai/yamadashy/repomix
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: npx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install repomix

ClawHub CLI

Package manager switcher

npx clawhub@latest install repomix
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (pack/analyze repositories) align with required binaries (npx) and the declared node install of the repomix npm package. Asking for npx and offering a repomix CLI is expected and proportionate.
Instruction Scope
SKILL.md instructs the agent to run npx repomix@latest against local or remote repos and to inspect the generated output with grep. This stays within the scope of repository analysis. However, the doc asserts that Repomix "automatically excludes potentially sensitive files (.env, API keys)" — that is a behavioural claim the instructions do not show how to verify. Users should not assume secrets are always excluded without validating output.
Install Mechanism
Install spec uses the npm package 'repomix' which is a common delivery path for CLI tools. Running 'npx repomix@latest' executes code fetched from the npm registry at runtime; this is normal for npm-based CLIs but carries moderate risk if the package or registry account is compromised. There is no use of arbitrary download URLs or obscure hosts.
Credentials
No environment variables, credentials, or config paths are requested. The permissions requested are minimal and consistent with the skill's purpose.
Persistence & Privilege
The skill does not request always:true, does not persist elevated privileges, and is user-invocable only. It does not attempt to modify other skills or system-wide settings.
Assessment
This skill appears coherent for packing and analyzing repositories, but take these precautions before installing or running it: 1) npx repomix@latest will download and execute the package code from the npm registry at runtime — only run it if you trust the package and maintainer, or consider installing a pinned, reviewed version instead of @latest. 2) Do not assume the tool removed secrets — verify the generated output (or run it against a cloned repository with secrets removed) to ensure no sensitive files were included. 3) Prefer outputting to a temporary directory as recommended and inspect file permissions. 4) If you need stronger assurance, review the repomix package source/release on its homepage or install from a pinned release/checked source before running. If you want, I can list specific commands to run safely (e.g., how to pin a version, audit the package, or run it in a disposable environment).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📦 Clawdis
Binsnpx

Install

Install Repomix CLI (npm)
Bins: repomix
npm i -g repomix
latestvk97a71pb083yh7pab25txnspw183ae7k
161downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
@yamadashy
latest
Download

Repomix — Codebase Packer & Analyzer

Pack entire codebases into a single, AI-friendly file for analysis. Repomix intelligently collects repository files, respects .gitignore, runs security checks, and generates structured output optimized for LLM consumption.

When to Use

  • "Analyze this repo" / "Explore this codebase"
  • "What's the structure of facebook/react?"
  • "Find all authentication-related code"
  • "How many tokens is this project?"
  • "Pack this repo for AI analysis"
  • "Show me the main components of vercel/next.js"

Quick Reference

Pack a Remote Repository

npx repomix@latest --remote <owner/repo> --output /tmp/<repo-name>-analysis.xml

Always output to a temporary directory (/tmp on Unix, %TEMP% on Windows) for remote repositories to avoid polluting the user's working directory.

Pack a Local Directory

npx repomix@latest [directory] --output /tmp/<name>-analysis.xml

Key Options

OptionDescription
--style <format>Output format: xml (default, recommended), markdown, plain, json
--compressTree-sitter compression (~70% token reduction) — use for large repos
--include <patterns>Include only matching patterns (e.g., "src/**/*.ts,**/*.md")
--ignore <patterns>Additional ignore patterns
--output <path>Custom output path (default: repomix-output.xml)
--remote-branch <name>Specific branch, tag, or commit (for remote repos)

Workflow

Step 1: Pack the Repository

Choose the appropriate command based on the target:

# Remote repository (always output to /tmp)
npx repomix@latest --remote yamadashy/repomix --output /tmp/repomix-analysis.xml

# Large remote repo with compression
npx repomix@latest --remote facebook/react --compress --output /tmp/react-analysis.xml

# Local directory
npx repomix@latest ./src --output /tmp/src-analysis.xml

# Specific file types only
npx repomix@latest --include "**/*.{ts,tsx,js,jsx}" --output /tmp/filtered-analysis.xml

Step 2: Check Command Output

The command displays:

  • Files processed: Number of files included
  • Total characters: Size of content
  • Total tokens: Estimated AI tokens
  • Output file location: Where the file was saved

Note the output file location for subsequent analysis.

Step 3: Analyze the Output

Structure overview:

  1. Search for the file tree section (near the beginning of the output)
  2. Check the metrics summary for overall statistics

Search for patterns (use the output file path from Step 2):

# Find exports and main entry points
grep -iE "export.*function|export.*class" <output-file>

# Search with context
grep -iE -A 5 -B 5 "authentication|auth" <output-file>

# Find API endpoints
grep -iE "router|route|endpoint|api" <output-file>

# Find database models
grep -iE "model|schema|database|query" <output-file>

Read specific sections using offset/limit for large outputs.

Step 4: Report Findings

  • Metrics: Files, tokens, size from command output
  • Structure: Directory layout from file tree analysis
  • Key findings: Based on pattern search results
  • Next steps: Suggestions for deeper exploration

Best Practices

  1. Use --compress for large repos (>100k lines) to reduce token usage by ~70%
  2. Use pattern search first before reading entire output files
  3. Use a temporary directory for output (/tmp on Unix, %TEMP% on Windows) to keep the user's workspace clean
  4. Use --include to focus on specific parts of a codebase
  5. XML is the default and recommended format — it has clear file boundaries for structured analysis

Output Formats

FormatBest For
XML (default)Structured analysis, clear file boundaries
MarkdownHuman-readable documentation
PlainSimple grep-friendly output
JSONProgrammatic/machine analysis

Error Handling

  • Command fails: Check error message, verify repository URL/path, check permissions
  • Output too large: Use --compress, narrow scope with --include
  • Network issues (remote): Verify connection, suggest local clone as alternative
  • Pattern not found: Try alternative patterns, check file tree to verify files exist

Security

Repomix automatically excludes potentially sensitive files (API keys, credentials, .env files) through built-in security checks. Trust its security defaults unless the user explicitly requests otherwise.

Comments

Loading comments...