Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Github Collab

GitHub Collab enables multi-Agent collaboration for automated project creation, task splitting, assignment, tracking, and progress reporting using GitHub int...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 94 · 1 current installs · 1 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name/description describe a GitHub multi-agent project tool and the included code (src/, scripts/, db/) implements that. However the registry metadata declares no required env vars/credentials while the SKILL.md and .env clearly reference GITHUB_TOKEN and Git push workflows. Not declaring the GitHub credential while the skill both documents and contains code that uses it is an inconsistency.
! Instruction Scope
SKILL.md gives procedural instructions that include authenticating to GitHub (gh auth login) or exporting GITHUB_TOKEN and then running git push --force. Those steps are within the stated GitHub remit, but they grant the skill the ability to modify remote repositories (including forced overwrite). The documentation files also include push reports and a file that contains a token-like prefix — documentation contains operational artifacts that could constitute secret leakage or demonstrate the skill ran privileged operations already.
Install Mechanism
No install spec is declared (instruction-only), which is lower risk for automatic installation. However the package contains a full codebase (many src/ files, scripts, package-lock.json) despite the 'instruction-only' label — this mismatch means there is non-trivial code bundled with the skill that could be executed if the user runs it locally; it should be code-reviewed before execution.
! Credentials
The skill's files and documentation expect a GITHUB_TOKEN and other env variables (.env lists many, including GITHUB_TOKEN). The registry shows 'required env vars: none' which understates the credential needs. Additionally, GITHUB_PUSH_SUCCESS.md includes a partial token-like string ('github_pat_11AH2KORQ0UNWi8Mt2C9M5_...') — presence of PAT-like values in repository files is a sensitive artifact and could mean secrets were committed. Requiring or using a GitHub PAT is reasonable for GitHub operations, but it must be declared and handled carefully (least privilege, not embedded in repo).
Persistence & Privilege
The skill is not always-included and does not request system-level config paths or special platform privileges. disable-model-invocation is false (normal). There is no 'always: true' or other elevated persistence requested in the registry metadata.
What to consider before installing
This package appears to implement the claimed GitHub collaboration functionality, but there are important red flags you should address before installing or running it:

  • Secrets: Inspect the repository for embedded credentials. GITHUB_PUSH_SUCCESS.md contains a PAT-like prefix. Treat any found tokens as compromised, rotate them immediately, and do not run the code until embedded secrets are removed.
  • Declared vs required env vars: The registry metadata lists no required env vars, but the code and SKILL.md expect GITHUB_TOKEN and other environment settings. Assume the skill will try to use a GitHub token for pushing — only provide a least-privilege PAT (scoped to the minimum repo permissions) or use a read-only token if possible.
  • Forced pushes and destructive Git actions: The docs instruct git push --force in places. If you run scripts, they may overwrite remote branches. Test in an isolated repository or fork and avoid running automatic push scripts against important repos.
  • Code review: The package bundles many scripts, CLI tools and DB code. Review src/scripts/* and package.json scripts for any commands that execute shell commands, perform network calls, or read local files. Do not run npm install && npm run without auditing dependencies and scripts first.
  • Remove / .env handling: The package includes a .env example and references local DB paths. Ensure you run in an isolated environment and do not point the skill at any production databases or credential stores.
  • If you need this skill: run it in a sandboxed environment (isolated VM or container), provide an ephemeral, minimally scoped GitHub token, and scan the files with a secret scanner before use.

If you want, I can: 1) enumerate files that mention GITHUB_TOKEN or github_pat-like strings, 2) highlight scripts that perform git push/force operations, or 3) produce a short checklist to safely run this skill in a sandbox.
src/scripts/main.js:28: Shell command execution detected (child_process).
src/scripts/progress-report.js:12: Shell command execution detected (child_process).
src/scripts/scheduler.js:45: Shell command execution detected (child_process).
src/tests/test-all.js:26: Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
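
A pre-install check for the points the scan raises above (token-like strings in bundled files, credential environment variables missing from the declared list, forced pushes, child_process use), as an added example that is not part of ClawHub, OpenClaw or the skill's own code. The file names and contents in SAMPLE are constructed, the SECRET_NAME heuristic is an assumption, and the caller is expected to load the real bundle into the same path-to-text map.

```javascript
// Added example: static pre-install audit of a skill bundle (not ClawHub's scanner).
// `files` maps relative path -> file text, so the check runs offline.
const RULES = [
  // Fine-grained ("github_pat_") and classic ("ghp_") GitHub token shapes.
  { id: 'pat-like-string', re: /\b(?:github_pat_[A-Za-z0-9_]{20,}|ghp_[A-Za-z0-9]{36})/ },
  // Forced pushes can overwrite remote history.
  { id: 'force-push', re: /\bgit\s+push\b[^\n]*(?:--force\b|\s-f\b)/ },
  // Shell execution from Node, as in the findings listed above.
  { id: 'child-process', re: /require\(\s*['"](?:node:)?child_process['"]\s*\)/ },
];
// Env vars read by code (process.env.X) or set in .env / shell snippets (X=...).
const ENV_REF = /process\.env\.([A-Z][A-Z0-9_]*)|process\.env\[['"]([A-Z][A-Z0-9_]*)['"]\]|^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)=/gm;
// Assumption: names containing these words hold credentials.
const SECRET_NAME = /TOKEN|SECRET|PASSWORD|KEY/;

function auditSkill(files, declaredEnv = []) {
  const findings = [];
  const usedSecrets = new Set();
  for (const [path, text] of Object.entries(files)) {
    text.split('\n').forEach((line, i) => {
      for (const { id, re } of RULES) {
        // Report the location only; never echo the matched secret itself.
        if (re.test(line)) findings.push({ id, path, line: i + 1 });
      }
    });
    for (const m of text.matchAll(ENV_REF)) {
      const name = m[1] || m[2] || m[3];
      if (SECRET_NAME.test(name)) usedSecrets.add(name);
    }
  }
  // Credentials the bundle uses but the registry metadata does not declare.
  const undeclared = [...usedSecrets].filter((n) => !declaredEnv.includes(n)).sort();
  return { findings, undeclared };
}

// Constructed sample bundle; the token is a placeholder built at runtime.
const SAMPLE = {
  'SKILL.md': 'export GITHUB_TOKEN=<your token>\ngit push --force origin main\n',
  'docs/push-report.md': 'Pushed with github_pat_' + 'X'.repeat(30) + '\n',
  'src/scripts/run.js': "const { execSync } = require('child_process');\nconst t = process.env.GITHUB_TOKEN;\n",
  '.env': 'GITHUB_TOKEN=\nDATABASE_DIR=./src/db\n',
};

const report = auditSkill(SAMPLE, []); // registry metadata declares no env vars
console.log(report.findings, 'undeclared:', report.undeclared);
```

A non-empty `undeclared` list is the mismatch the Credentials finding describes: the bundle reads a credential that the registry metadata never told the installer about.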

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.4
latest vk970y5z4qpn2k49zwfyfr1bp5583wqs6

SKILL.md

GitHub Collaboration Skill Documentation

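GitHub project collaboration skill - a multi-Agent collaborative programming system

📋 Overview

GitHub Collaboration Skill is a GitHub project collaboration and development system built on a multi-Agent architecture. It supports several Agent types, including DevAgent, TestAgent and ReviewAgent, working together to assign, execute, review and test tasks automatically.

Core features

  • Multi-Agent collaboration: several Agent types divide the work and cooperate
  • Task management: full task lifecycle management
  • Project management: project creation, task planning, progress tracking
  • Configurable: all settings can be adjusted through environment variables
  • Performance optimization: query caching, batch operations, N+1 optimization
  • Automatic recovery: automatic recovery when an Agent crashes

🏗️ Architecture design

System architecture

┌─────────────────────────────────────────────────────────┐
│                     Main Controller                     │
│           (task scheduling, Agent management,           │
│                  parallelism control)                   │
└─────────────────────────────────────────────────────────┘
                             │
         ┌───────────────────┼───────────────────┐
         ▼                   ▼                   ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│    DevAgent     │ │    TestAgent    │ │   ReviewAgent   │
│   (dev agent)   │ │  (test agent)   │ │ (review agent)  │
└─────────────────┘ └─────────────────┘ └─────────────────┘
         │                   │                   │
         └───────────────────┼───────────────────┘
                             ▼
               ┌───────────────────────────┐
               │       Task Manager        │
               │(task assignment, tracking)│
               └───────────────────────────┘
                             │
         ┌───────────────────┼───────────────────┐
         ▼                   ▼                   ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│    Projects     │ │      Tasks      │ │     Agents      │
│ (project data)  │ │   (task data)   │ │  (Agent data)   │
└─────────────────┘ └─────────────────┘ └─────────────────┘
                             │
                   ┌─────────┴─────────┐
                   ▼                   ▼
          ┌─────────────────┐ ┌─────────────────┐
          │    Database     │ │   Performance   │
          │  (unified DB)   │ │   Monitoring    │
          └─────────────────┘ └─────────────────┘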

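Module structure

Core modules (src/core/)

  1. main-controller.js - main controller

    • Agent start/stop
    • Task scheduling
    • Parallelism limit control
    • Automatic recovery
  2. dev-agent.js - development Agent

    • Code generation
    • Task execution
    • Code review
  3. test-agent.js - test Agent

    • Test case generation
    • Test execution
    • Result reporting
  4. task-manager-enhanced.js - enhanced task manager

    • Task assignment
    • Dependency management
    • Priority scheduling

Database modules (src/db/)

  1. database-manager.js - database manager

    • Unified database connection management
    • Configurable paths
    • Performance monitoring
  2. agent-manager.js - Agent management

    • Agent create, read, update, delete
    • Agent status management
  3. task-manager.js - task management

    • Task create, read, update, delete
    • Task status management
  4. config-manager.js - configuration management

    • System configuration management
    • Configuration persistence
  5. project-manager.js - project management

    • Project create, read, update, delete
    • Project progress tracking
  6. task-dependency-manager.js - task dependency management

    • Dependency relationship management
    • Dependency resolution
  7. task-distribution-manager.js - task distribution management

    • Task assignment strategy
    • Load balancing

CLI scripts (src/scripts/)

  1. cli-commands.js - general command system
  2. task-cli.js - task management CLI
  3. project-manager.js - project management CLI
  4. agent-assign.js - Agent assignment CLI
  5. agent-queue.js - Agent queue CLI
  6. config-cli.js - configuration management CLI

🗄️ Database architecture

Unified database

File name: github-collab.db
Location: ./src/db/ (configurable)
Type: SQLite 3
Size: 92KB

Table structure

1. agents (Agent information)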

CREATE TABLE agents (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    type TEXT NOT NULL,
    status TEXT DEFAULT 'idle',
    capabilities TEXT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

2. tasks (task information)

CREATE TABLE tasks (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL,
    description TEXT,
    priority INTEGER DEFAULT 5,
    status TEXT DEFAULT 'pending',
    project_id INTEGER,
    assigned_to INTEGER,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (project_id) REFERENCES projects(id),
    FOREIGN KEY (assigned_to) REFERENCES agents(id)
);

3. projects (project information)

CREATE TABLE projects (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL,
    description TEXT,
    status TEXT DEFAULT 'active',
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

4. task_assignments (task assignments)

CREATE TABLE task_assignments (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    task_id INTEGER NOT NULL,
    agent_id INTEGER NOT NULL,
    assigned_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    completed_at DATETIME,
    FOREIGN KEY (task_id) REFERENCES tasks(id),
    FOREIGN KEY (agent_id) REFERENCES agents(id)
);

5. task_dependencies (task dependencies)

CREATE TABLE task_dependencies (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    task_id INTEGER NOT NULL,
    depends_on INTEGER NOT NULL,
    dependency_type TEXT DEFAULT 'blocks',
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (task_id) REFERENCES tasks(id),
    FOREIGN KEY (depends_on) REFERENCES tasks(id)
);

6. configs (system configuration)

CREATE TABLE configs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    key TEXT UNIQUE NOT NULL,
    value TEXT,
    description TEXT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

7. performance_metrics (performance metrics)

CREATE TABLE performance_metrics (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    metric_type TEXT NOT NULL,
    metric_name TEXT NOT NULL,
    value REAL NOT NULL,
    unit TEXT,
    recorded_at DATETIME DEFAULT CURRENT_TIMESTAMP
);

8. message_logs (message logs)

CREATE TABLE message_logs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    agent_id INTEGER,
    message TEXT NOT NULL,
    level TEXT DEFAULT 'info',
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (agent_id) REFERENCES agents(id)
);

9. task_history (task history)

CREATE TABLE task_history (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    task_id INTEGER NOT NULL,
    old_status TEXT,
    new_status TEXT,
    changed_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (task_id) REFERENCES tasks(id)
);

10. sessions (session management)

CREATE TABLE sessions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    session_id TEXT UNIQUE NOT NULL,
    agent_id INTEGER,
    task_id INTEGER,
    status TEXT DEFAULT 'active',
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    ended_at DATETIME,
    FOREIGN KEY (agent_id) REFERENCES agents(id),
    FOREIGN KEY (task_id) REFERENCES tasks(id)
);

11. agent_configs (Agent configuration)

CREATE TABLE agent_configs (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    agent_id INTEGER NOT NULL,
    config_key TEXT NOT NULL,
    config_value TEXT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    FOREIGN KEY (agent_id) REFERENCES agents(id)
);

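12. config (configuration table - backup)

CREATE TABLE config (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    key TEXT UNIQUE NOT NULL,
    value TEXT
);

⚙️ Configuration system

Configuration priority

  1. Environment variables (highest priority)
  2. Configuration file (.github-collab-config.json)
  3. Default configuration (lowest priority)

Configuration items

Database configuration

| Setting | Default | Environment variable | Description |
| DATABASE_TYPE | sqlite3 | DATABASE_TYPE | Database type |
| DATABASE_NAME | github-collab | DATABASE_NAME | Database file name |
| DATABASE_DIR | ./src/db | DATABASE_DIR | Database directory |
| DATABASE_PATH | (auto-generated) | DATABASE_PATH | Full path |
| DATABASE_POOL_SIZE | 10 | DATABASE_POOL_SIZE | Connection pool size |
| DATABASE_TIMEOUT | 5000 | DATABASE_TIMEOUT | Query timeout (milliseconds) |

Performance configuration

| Setting | Default | Environment variable | Description |
| CACHE_TTL | 300 | CACHE_TTL | Cache expiry time (seconds) |
| CACHE_MAX_SIZE | 500 | CACHE_MAX_SIZE | Maximum number of cache entries |

Agent configuration

| Setting | Default | Environment variable | Description |
| MAX_PARALLEL_AGENTS | 3 | MAX_PARALLEL_AGENTS | Maximum number of parallel Agents |
| AUTO_RECOVERY | true | AUTO_RECOVERY | Automatic recovery |
| PRIORITY_THRESHOLD | 5 | PRIORITY_THRESHOLD | Priority threshold |

Configuration examples

Environment variable configuration

# Database configuration
export DATABASE_TYPE=sqlite3
export DATABASE_NAME=my-custom-db
export DATABASE_DIR=/path/to/db
export DATABASE_PATH=/full/path/to/database.db

# Performance configuration
export DATABASE_POOL_SIZE=20
export DATABASE_TIMEOUT=10000
export CACHE_TTL=600

# Agent configuration
export MAX_PARALLEL_AGENTS=5
export AUTO_RECOVERY=true
export PRIORITY_THRESHOLD=3

Configuration file (.github-collab-config.json)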

{
  "database": {
    "type": "sqlite3",
    "name": "github-collab",
    "path": "./src/db/github-collab.db",
    "poolSize": 10,
    "timeout": 5000
  },
  "cache": {
    "ttl": 300,
    "maxSize": 500
  },
  "agent": {
    "maxParallel": 3,
    "autoRecovery": true,
    "priorityThreshold": 5
  }
}

🚀 Usage guide

Initialization

# Install dependencies
npm install

# Initialize the database
node src/scripts/init-db.js

# Run the main program
node src/index.js

CLI commands

Project management

# Create a project
node src/scripts/project-manager.js create --name "My Project" --description "Description"

# List projects
node src/scripts/project-manager.js list

# Show project details
node src/scripts/project-manager.js show --id 1

Task management

# Add a task
node src/scripts/task-cli.js add --title "Task Title" --priority 5 --projectId 1

# List tasks
node src/scripts/task-cli.js list

# Show task details
node src/scripts/task-cli.js show --id 1

# Update task status
node src/scripts/task-cli.js update --id 1 --status "in_progress"

Agent management

# Assign a task to an Agent
node src/scripts/agent-assign.js assign --taskId 1 --agentId 1

# Show the Agent queue
node src/scripts/agent-queue.js list

Configuration management

# Read a configuration value
node src/scripts/config-cli.js get --key "database.type"

# Set a configuration value
node src/scripts/config-cli.js set --key "database.type" --value "sqlite3"

Code integration

const { getDatabaseManager } = require('./src/db/database-manager');
const AgentManager = require('./src/db/agent-manager');
const TaskManager = require('./src/db/task-manager');

// Initialize
const dbManager = getDatabaseManager();
dbManager.init();

// Use the Agent manager
const agentManager = new AgentManager();
const agents = agentManager.getAllAgents();

// Use the task manager
const taskManager = new TaskManager();
const tasks = taskManager.getAllTasks();

// Close the connection
dbManager.close();

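📊 Performance optimization

Query optimization strategies

  1. Caching

    • Query result caching
    • Configurable cache expiry time
    • LRU eviction policy
  2. Batch queries

    • Merge multiple queries into one batch query
    • Reduce database round trips
  3. N+1 optimization

    • Batch-load related data
    • Avoid queries inside loops
  4. Index optimization

    • Index the key query fields
    • Analyze query performance regularly
  5. WAL mode

    • Enable Write-Ahead Logging
    • Improve concurrent performance

Performance metrics

  • Initialization time: < 100ms
  • Query response time: < 10ms
  • Cache hit rate: > 80%
  • Memory usage: < 50MB

🧪 Testing

Running the tests

# Configuration tests
node test-config.js

# Database configuration tests
node test-database-config.js

# Full functional tests
node test-full.js

# Integration tests
node test-integration.js

Test coverage

  • ✅ Configuration system tests
  • ✅ Database manager tests
  • ✅ Agent manager tests
  • ✅ Task manager tests
  • ✅ Configuration manager tests
  • ✅ Database query tests
  • ✅ Environment variable override tests
  • ✅ Custom path tests

📝 Changelog

v1.0.0 (2026-03-27)

  • ✅ Database merge completed (4 → 1)
  • ✅ Configuration refactoring completed
  • ✅ Performance optimization completed
  • ✅ Test verification completed
  • ✅ Documentation update completed

🤝 Contributing

Issues and Pull Requests are welcome!

📄 License

MIT License


Version: 1.0.0
Last updated: 2026-03-27
Status: ✅ Configuration refactoring complete, tests passing
Maintainer: 小码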

Files

184 total