Official Verified developer tools Safety 4/5

repo-analyzer

GitHub repository trust scoring and due diligence. Use when asked to analyze, audit, score, or evaluate any GitHub repo — especially for crypto/DeFi project DD, checking if a repo is legit, evaluating code quality, verifying team credibility, or comparing multiple repos. Also handles X/Twitter URLs containing GitHub links — auto-extracts and analyzes repos from tweets. Triggers on "analyze this repo", "is this legit", "check this GitHub", "trust score", "audit this project", "repo quality", "batch scan repos", "analyze this tweet". ALSO auto-triggers when the user pastes an X/Twitter URL that contains a GitHub link — no explicit "analyze" command needed. When triggered by a tweet, ALWAYS include the tweet text/context above the analysis. Do NOT use for general GitHub browsing, reading READMEs, or cloning repos without analysis.

Why use this skill?

Perform deep due diligence on GitHub projects. The repo-analyzer audits security, code quality, and project health, providing a trust score for crypto and dev projects.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/don-gbot/repo-analyzer
What This Skill Does

The repo-analyzer is a sophisticated, zero-dependency GitHub trust-scoring engine designed for the OpenClaw AI agent. It goes beyond surface-level metrics by running 29 distinct analysis modules across 14 scoring categories to evaluate the credibility, security, and quality of any GitHub repository. By normalizing 168 potential points into a 100-point scale, it provides a clear, actionable grade from A (LEGIT) to F (AVOID).

The tool specifically targets crypto/DeFi due diligence, AI-generated 'slop' detection, and malicious dependency auditing. It handles input via direct repository links or automatically by parsing X/Twitter URLs, where it extracts linked GitHub repos and correlates them with the tweet's original context for a comprehensive security assessment.

Installation

To integrate this skill into your environment, use the OpenClaw installer command: clawhub install openclaw/skills/skills/don-gbot/repo-analyzer

Ensure you have configured your environment variables correctly. The analyzer relies heavily on the GitHub API; you must have GITHUB_TOKEN defined in your environment (e.g., source it from your ~/.bashrc) to avoid severe scoring degradation. Without a valid token, the tool will miss critical data like commit signatures, star history, and fork analysis.

Use Cases

  • Crypto Due Diligence: Quickly identify rug-pull patterns, suspicious token minting, or wallet addresses hidden in repo commits before engaging with a DeFi project.
  • AI Authenticity Audits: Detect AI-generated code slop or boilerplate READMEs meant to mimic legitimate engineering effort.
  • Vendor/Library Vetting: Compare multiple repositories to choose the most maintainable, well-documented, and active solution for your stack.
  • Security Assessments: Review repositories for malicious install hooks, typosquatting, or insecure CI/CD configurations.

Example Prompts

  1. "Analyze this repo: https://github.com/example/defi-project and tell me if it looks legit for a long-term hold."
  2. "I'm looking at this https://x.com/dev/status/123456789. Can you audit the code quality and check for any security red flags in the linked GitHub repository?"
  3. "Compare these two repos for me: github.com/lib-a and github.com/lib-b. Which one is safer to use in production?"

Tips & Limitations

  • Always provide a token: The analyzer is significantly less accurate without a GitHub PAT. Ensure your environment is set up properly before running deep audits.
  • Context is King: When analyzing via tweet, the AI includes the tweet's metadata in the report. Use this to catch social engineering or hype-driven projects that lack actual engineering substance.
  • Not for general use: Do not use this tool for casual browsing, cloning, or reading standard READMEs. It is a specialized audit tool. Excessive use on non-auditing tasks will consume unnecessary API rate limits.

Metadata

Author: @don-gbot
Stars: 2387
Views: 0
Updated: 2026-03-09
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-don-gbot-repo-analyzer": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#github #audit #security #defi #analysis
Safety Score: 4/5

Flags: network-access, external-api, code-execution