
Copilot Cli Skill: Skill Tool

v1.0.0

Run GitHub Copilot CLI from OpenClaw for coding tasks in a target project directory. Use when the user asks OpenClaw to use Copilot for implementation, debug...

by @cecwxf·MIT-0
License
MIT-0
Last updated
2026/3/10
Security scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
The skill's purpose (running GitHub Copilot CLI) matches its instructions, but the metadata omits required runtime dependencies (copilot binary and possible tokens) and the SKILL.md often recommends broad flags (--allow-all-tools) that grant Copilot wide shell capabilities — these mismatches and broad execution recommendations warrant caution.
Assessment recommendations
This skill appears to do what it says (run the GitHub Copilot CLI), but there are transparency and safety gaps you should consider before installing or using it:
  • Runtime requirements: The metadata does not declare them, but the skill requires the 'copilot' binary and may use COPILOT_GITHUB_TOKEN/GH_TOKEN for authentication. Ensure you only provide tokens with the minimal scopes Copilot needs, and confirm the binary is installed from an official source.
  • Dangerous flags: Many examples use --a...
Detailed analysis
Purpose and capability
The skill is clearly intended to run the GitHub Copilot CLI and the included files (SKILL.md, README, script) implement that. However the registry metadata claims no required binaries or env vars, while the instructions and example script explicitly require the 'copilot' binary and reference COPILOT_GITHUB_TOKEN/GH_TOKEN for authentication. The missing declaration of these runtime requirements is an incoherence (likely an oversight) that reduces transparency.
Instruction scope
SKILL.md stays within the stated purpose (how to invoke copilot in a repo) but repeatedly recommends using --allow-all-tools and background sessions. --allow-all-tools grants Copilot CLI broad ability to run shell tools (including git, rm, push) which expands the skill's effective privileges beyond simple 'code assistance'. While the docs also mention using --deny-tool and preferring scoped --allow-tool, many examples default to allow-all, creating a real risk if the agent is used against sensitive directories or without strict workdir control.
Install mechanism
This is an instruction-only skill with no install spec and includes a small helper script. There is no bundle download or remote install executed by the skill itself, which keeps on-disk modification risk low. The README simply references standard Copilot install commands (npm/brew/winget) but the skill does not perform installs.
Credential requirements
The registry metadata lists no required environment variables, but both the README and references mention COPILOT_GITHUB_TOKEN / GH_TOKEN / GITHUB_TOKEN as possible ways to authenticate Copilot. The skill's runtime behavior legitimately may need these tokens; their absence from declared requirements is an inconsistency and harms the user's ability to judge credential exposure. No unrelated credentials are requested, but the omission is notable.
Persistence and privileges
The skill is not always-enabled and is user-invocable; it does not request persistent privileges or alter other skills. Autonomous invocation is allowed by platform default, but there's no 'always: true' or other elevated persistence in the manifest.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/3/10
● Suspicious

Install command

Official: npx clawhub@latest install copilot-cli-skill
Mirror (accelerated): npx clawhub@latest install copilot-cli-skill --registry https://cn.clawhub-mirror.com

Skill documentation

Use this skill to reliably call Copilot CLI from OpenClaw.

Core rules

  • Verify Copilot CLI exists (copilot --version) before first task.
  • Always run Copilot through OpenClaw exec with pty:true.
  • Always set explicit workdir to the target repository.
  • For long tasks, use background:true and track via process.
  • Report clear milestones: started, waiting-input, finished/failed.

Execution patterns

One-shot coding task

Use:

  • exec.command: copilot -p "" --allow-all-tools
  • exec.pty: true
  • exec.workdir:

Scoped tool approval

Use --allow-tool and --deny-tool to control what Copilot can do:

  • exec.command: copilot -p "" --allow-tool 'shell(git)' --allow-tool 'write'
  • exec.pty: true
  • exec.workdir:

To block dangerous operations:

  • copilot -p "" --allow-all-tools --deny-tool 'shell(rm)' --deny-tool 'shell(git push)'

Interactive session

Use:

  • exec.command: copilot
  • exec.pty: true
  • exec.workdir:

Long-running background task

  • Start with exec(background:true, pty:true, workdir, command:"copilot -p '...' --allow-all-tools")
  • Record returned sessionId.
  • Poll with process action:poll.
  • Read output with process action:log.
  • If Copilot asks for input, use process action:submit.

Resume a previous session

Use:

  • exec.command: copilot --resume (select from list)
  • exec.command: copilot --continue (resume most recent)

Recommended prompts

  • "Implement with tests, run tests, and summarize changed files."
  • "Find root cause for failing CI in this repo and propose minimal fix."
  • "Review current branch diff and list high-risk issues first."
  • "Work on issue https://github.com/owner/repo/issues/123 in a new branch."
  • "Create a PR that updates the README with the latest API usage."

Guardrails

  • Do not claim files were changed unless logs show completion.
  • If copilot is missing or auth fails, return exact remediation steps.
  • Keep OpenClaw tool config (pty/workdir/background) separate from CLI args.
  • Prefer --allow-tool with specific scopes over --allow-all-tools for safety.
  • Use --deny-tool 'shell(rm)' when working in directories with important data.
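A pre-exec check that applies these guardrails and the workdir core rule to a command before it is handed to OpenClaw exec. This is an added example, not code from the skill or from Copilot CLI; the function name and finding codes are hypothetical, the sample commands are constructed, and it assumes only the flags shown on this page (-p, --allow-all-tools, --allow-tool, --deny-tool).

```python
import os
import shlex

# Deny rules the page's guardrails name for use alongside --allow-all-tools.
EXPECTED_DENIES = ("shell(rm)", "shell(git push)")


def review_copilot_exec(command, workdir):
    """Return finding codes for one exec request that runs Copilot CLI."""
    argv = shlex.split(command)
    if not argv or argv[0] != "copilot":
        return ["not-copilot"]
    findings = []
    # Core rule: always set an explicit workdir to the target repository.
    if not workdir or not os.path.isabs(workdir):
        findings.append("no-explicit-workdir")
    allow_all, allowed, denied = False, [], []
    i = 1
    while i < len(argv):
        arg = argv[i]
        has_value = i + 1 < len(argv)
        if arg == "--allow-all-tools":
            allow_all = True
        elif arg == "-p" and has_value:
            i += 1  # skip the prompt text so it is never read as a flag
        elif arg == "--allow-tool" and has_value:
            allowed.append(argv[i + 1])
            i += 1
        elif arg == "--deny-tool" and has_value:
            denied.append(argv[i + 1])
            i += 1
        i += 1
    if allow_all:
        # Guardrail: prefer scoped --allow-tool; if allow-all stays, require the denies.
        findings.append("allow-all-tools")
        findings += [f"missing-deny:{d}" for d in EXPECTED_DENIES if d not in denied]
    # An explicit allowance for a tool the guardrails say to block is also flagged.
    findings += [f"allows-risky:{a}" for a in allowed
                 if a in EXPECTED_DENIES and a not in denied]
    return findings


if __name__ == "__main__":
    # Constructed sample requests: (command, workdir).
    samples = [
        ('copilot -p "fix tests" --allow-all-tools', "/srv/repo"),
        ("copilot -p \"fix tests\" --allow-tool 'shell(git)' --allow-tool 'write'", ""),
    ]
    for cmd, wd in samples:
        print(review_copilot_exec(cmd, wd), "<-", cmd)
```
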

References

  • references/copilot-doc-summary.md
  • references/copilot-usage-recipes.md
  • scripts/run-copilot-example.sh
Data source: ClawHub · Chinese localization: 龙虾技能库