atomgit
v3.0.0AtomGit/GitCode 仓库管理技能,提供用户、仓库、Issue、PR、文件、分支等 API 操作。AtomGit 和 GitCode 是同一平台的不同域名(atomgit.com / gitcode.com),共享相同的 API 后端。
⭐ 1· 159·1 current·1 all-time
bywei dong@weidongkl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is an AtomGit/GitCode API helper and only requests a single platform token (ATOMGIT_TOKEN). All declared requirements (a bearer token) match the documented purpose (calling repository, issue, PR, user APIs).
Instruction Scope
SKILL.md is instruction-only and contains many curl examples for API endpoints (including destructive ones like repo deletion and adding SSH keys). This is expected for a full-featured repo-management skill, but users should be aware that the token grants powerful repo-level actions. Minor inconsistency: examples use $TOKEN while metadata names ATOMGIT_TOKEN.
Install Mechanism
No install spec and no code files — instruction-only skill. No binaries or downloads are installed, which minimizes installation risk.
Credentials
Only ATOMGIT_TOKEN is required, which is proportionate to the stated API integration. However, the token scopes listed (api, write_repository, issues, pull_requests, etc.) are broad and permit destructive operations; users should limit token scopes and lifetime where possible.
Persistence & Privilege
always is false and the skill does not request system-level persistence. It suggests adding the token to the user's OpenClaw config or shell env, which is a normal setup step.
Assessment
This instruction-only skill appears coherent with its purpose, but before installing: 1) Verify the skill source (no homepage/source provided) — exercise caution with unknown-origin skills. 2) Create a dedicated AtomGit/GitCode personal access token with the minimal scopes needed (avoid granting broad write/delete access unless required). 3) Prefer short-lived or repository-scoped tokens and avoid using organization-wide or highly privileged tokens. 4) Note that the SKILL.md contains destructive endpoints (delete repo, transfer, add SSH keys) — only enable the skill if you trust it and understand those risks. 5) The SKILL.md examples use $TOKEN while the declared env var is ATOMGIT_TOKEN — set the environment variable the skill expects (ATOMGIT_TOKEN) or confirm mapping in your gateway config. 6) If you need stronger assurance, request the skill publisher/source code or a verifiable homepage before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk977d9bge2afr9dstgvch82hmd83cfc1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvATOMGIT_TOKEN
Primary envATOMGIT_TOKEN