Generate daily operations reports for GitCode repositories with key metrics, AI summaries and Markdown output. 将 GitCode 上配置的仓库运营数据整理成日报输出;支持关键指标统计、AI 摘要与 Ma...
Security Analysis
high confidenceThe skill's code, instructions, and required environment variables are consistent with a GitCode repository daily-report generator; it needs only a GITCODE_TOKEN and writes local report files/SQLite DB as documented.
Name/description (generate daily reports for GitCode repos) align with requested credential (GITCODE_TOKEN), included Python script, templates, and DB usage. The script calls only the GitCode API (api.gitcode.com) and performs metrics, rendering, and local storage as described.
SKILL.md instructs the agent to run the included script, read/write config.json, create/read temp_dir/report.json and summaries.json, and write summaries into a local SQLite DB during rendering. These actions are within the stated purpose but are persistent (config.json and resources/report.db are modified). The SKILL.md also instructs hiding implementation details from the user (UI behavior), which is a non-security but noteworthy detail.
No install spec; instruction-only plus an included Python script. No network downloads or package installs are performed by the skill itself, minimizing installation risk.
Only GITCODE_TOKEN is declared/used. The script checks process env and, on Windows, user/machine environment variables via PowerShell to locate the token — which is consistent with authentication needs. No unrelated credentials or secrets are requested.
The skill persists data locally: it may write config.json (repos list), temp_dir/report.json, summaries.json, and resources/report.db (SQLite). This file and DB writing is documented and proportional to the functionality, but is persistent on disk and will modify files within the skill directory.
Guidance
This skill appears to do what it says: it will run the included Python script, contact api.gitcode.com using the provided GITCODE_TOKEN, and write report JSON, summaries, and a local SQLite DB (resources/report.db) plus update config.json when you save repos. Before installing/using: (1) ensure the GITCODE_TOKEN you provide has only the minimal scope needed for reading repo/PR/issue data; (2) be aware the skill will persist config.json and report.db in the skill directory; (3) if running on Windows, the script may query user/machine environment variables via PowerShell to locate the token — review that behavior if you have policies about environment access; (4) if you need stricter isolation, run the script in a controlled environment or inspect the included script yourself. Overall, nothing in the package appears disproportionate or unrelated to generating GitCode reports.
Latest Release
v1.0.0
gitcode-repo-daily v1.0.0 - 🎉 初始版本发布 - 📅 支持自动生成 GitCode 仓库日报、统计关键指标 - 🤖 AI 自动生成分仓和全局摘要
More by @autoxj
Published by @autoxj on ClawHub
