CI发布工程师环境兼容与命令安全

PassAudited by ClawScan on May 8, 2026.

Overview

This instruction-only skill is coherently focused on safer CI command composition and environment compatibility, with no code, install steps, credentials, or hidden capabilities shown.

This appears safe to install as an instruction-only CI command-safety skill. Before letting it run commands, confirm the exact command, target environment, and whether the command could modify files, publish releases, or affect CI systems.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI02: Tool Misuse and Exploitation

What this means

The agent may run targeted shell or CI-related checks to validate quoting and compatibility.

Why it was flagged

The skill may lead the agent to execute local validation commands, but the instruction is purpose-aligned and explicitly scoped to the narrowest confirming command.

Skill content

Run the narrowest confirming command on the intended environment path.

Recommendation

Use this skill with clear user approval for any command that mutates files, releases software, changes CI configuration, or touches production-like environments.