Gitea Actions

v0.1.0

Trigger workflows, list runs, and get status for Gitea/Forgejo Actions workflows using owner, repo, and workflow details via API.

⭐ 0· 355·0 current·0 all-time

byTom@qizhou-guo

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's name/description (trigger/query Gitea/Forgejo Actions) matches what the code does: it constructs Gitea API URLs and calls them. However the registry metadata claims no required environment variables or credentials, while both SKILL.md and index.js require GITEA_URL and GITEA_TOKEN. That mismatch is an incoherence you should resolve before trusting the skill.

ℹ

Instruction Scope

SKILL.md instructs running the bundled index.js from ~/.openclaw/skills and documents the two env vars the code needs. The runtime instructions stay within the stated purpose (only call the specified Gitea API endpoints). One omission: the docs do not mention that the code invokes the system curl binary, so a user might be surprised if curl is missing or behaves unexpectedly.

✓

Install Mechanism

This is instruction-only with no install spec, so nothing is downloaded or installed by the skill itself. That lowers installation risk.

Credentials

The code requires GITEA_URL and GITEA_TOKEN (sensible and proportionate for interacting with a Gitea API). But the skill registry metadata lists no required env vars and no primary credential — a clear inconsistency. Also the SKILL.md example uses an IP address (http://8.137.50.76:10000) which could be an innocuous example, but you should verify you are pointing the token to your intended Gitea instance before providing credentials.

✓

Persistence & Privilege

The skill does not request persistent presence (always: false) and does not modify agent/system configuration. It runs only when invoked and does not enable autonomous elevation of privileges beyond normal skill invocation.

What to consider before installing

This skill appears to do what it says: call Gitea Actions endpoints. Before installing, confirm the developer updates the registry metadata to declare GITEA_URL and GITEA_TOKEN and documents the need for the system 'curl' binary (or replace curl with a Node HTTP call). Only provide a Gitea token that has the minimum permissions (dispatch/list/read runs) and point GITEA_URL to a trusted instance. If you already set a token for testing and you don't trust the source, consider rotating/revoking it after use. When in doubt, ask the author to explain why metadata omits required env vars and to remove or explain the example IP in SKILL.md.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jd6svkj9yx0yvb2mzgrmx581rjb6

355downloads

0stars

1versions

Updated 1mo ago

v0.1.0

MIT-0

Gitea Actions

Trigger and query Gitea/Forgejo Actions workflows.

Environment Variables

GITEA_URL - Gitea API URL (e.g., http://8.137.50.76:10000)
GITEA_TOKEN - Gitea API token

Usage

node -e "
const gitea = require('~/.openclaw/skills/gitea-actions/index.js');

// Trigger workflow
gitea({ action: 'dispatch', owner: 'gg', repo: 'web3-mini-game', workflow: 'deploy-vercel.yml', ref: 'master' })

// List runs
gitea({ action: 'runs', owner: 'gg', repo: 'web3-mini-game' })

// Get run status
gitea({ action: 'run', owner: 'gg', repo: 'web3-mini-game', runId: 123 })
"

Actions

Action	Description
dispatch	Trigger a workflow dispatch
runs	List workflow runs
run	Get single run status

Inputs

Field	Type	Required	Description
action	string	✅	dispatch, runs, or run
owner	string	✅	Repository owner
repo	string	✅	Repository name
workflow	string	❌	Workflow file (for dispatch/runs)
ref	string	❌	Git ref (default: master)
runId	number	❌	Run ID (for run action)

Comments

Loading comments...