Generate reply drafts for a single GitCode issue with similar-issue references; maintainer reviews before posting. Use when user asks to reply to or comment...
Security Analysis
High confidence
The skill's code, declared requirements, and runtime instructions align with its stated purpose (generating and optionally posting GitCode issue replies); the only notable privacy surface is an optional DeepWiki network call that may send issue/repo content to a third party.
Name/description (generate reply drafts for a GitCode issue) match the implementation: scripts fetch issue data, assemble prompts, and can post comments. The single required secret is GITCODE_TOKEN which is necessary and appropriate for calling the GitCode API.
SKILL.md is explicit and scoped: it only runs the included scripts (prepare_issue_reply.py, post_comment.py), requires user confirmation before posting, and instructs where to write temporary files. One noteworthy behavior: if the requests library is present, prepare_issue_reply.py will call the DeepWiki MCP endpoint (mcp.deepwiki.com) with repository and question data to enrich the prompt — this transmits repo/issue content to an external service. The skill otherwise does not read unrelated files or other credentials.
No install spec (instruction-only with bundled scripts). Nothing is downloaded from external URLs or installed automatically; scripts run from the skill directory. This is a low-risk install profile.
The only required environment variable is GITCODE_TOKEN (declared as primary), which is appropriate. get_token also attempts to read Windows user/machine environment variables via a PowerShell call when process env lacks the token — behavior is consistent with trying multiple env scopes. The privacy concern is optional: issue/repo text may be sent to a third-party DeepWiki endpoint when requests is installed.
The skill is not always-enabled and does not request system-wide persistence or modify other skills. It only posts comments when the user explicitly confirms; first-round behavior is read-only.
Guidance
This skill appears to be what it says: it fetches GitCode issue data (using GITCODE_TOKEN), prepares prompts for an LLM, shows a draft to the maintainer, and only posts when the maintainer explicitly confirms. Before installing or running:
1) Ensure the GITCODE_TOKEN you provide has only the necessary scope for posting comments (least privilege).
2) Be aware that if the Python requests package is available, the skill will call https://mcp.deepwiki.com and may send repository/issue content to that external service to enrich replies; remove/uninstall requests or inspect/modify prepare_issue_reply.py if you want to avoid that network call.
3) Review the included scripts (they are bundled) before use; although they look consistent with the described purpose, running code from an unknown source always carries risk.
If you want tighter assurance, request the full, untruncated prepare_issue_reply.py or run the scripts in an isolated environment.
Latest Release
v1.0.0
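gitcode-issue-reply v1.0.0
- 🎉 Initial release
- Supports generating GitCode issue reply drafts, with reference to similar historical issues
- The maintainer must review the draft and explicitly say "send" before a comment is actually posted
- Provides DeepWiki queries (when available) to assist in generating replies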
Published by @autoxj on ClawHub