DevOps Bridge

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: devops-bridge
Version: 1.0.0

The `SKILL.md` describes a 'devops-bridge' that integrates various development tools. It explicitly mentions using the `gh` CLI and other CLIs (Linear, Jira APIs), which implies the agent will execute shell commands. Combined with powerful actions such as 'trigger a re-run' for CI/CD and 'Merge PR 142', this introduces a significant risk of shell injection (RCE) if user-provided input is not rigorously sanitized before being used to construct commands. Although these actions are aligned with the skill's stated purpose, the inherent risk of shell execution makes the skill suspicious because of its potential for exploitation, even without clear evidence of intentional malice.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could change work items or post messages in team systems based on incomplete or mistaken interpretation.

Why it was flagged

The skill instructs the agent to mutate issue trackers and post comments automatically, but the visible artifact does not define confirmation, rollback, rate limits, or strict scope for these high-impact actions.

Skill content

When a PR references an issue ... update the issue status automatically ... When CI fails on a PR linked to an issue, add a comment to the issue noting the blocker

Recommendation

Require explicit user approval before status changes, comments, CI reruns, or notifications; restrict actions to selected repositories and projects; and provide a dry-run summary first.

What this means

A misconfigured run could access or act across more repositories and workspaces than the user intended.

Why it was flagged

Using all repositories the user can push to is broad account authority, especially when combined with GitHub, messaging, Linear, and Jira actions. The registry metadata also declares no primary credential or required environment variables.

Skill content

Which repos to monitor? Ask for a list or use "all repos I have push access to"

Recommendation

Use least-privilege tokens, require an explicit repository allowlist, declare credential requirements, and separate read-only monitoring from write-capable actions.

What this means

Incorrect or stale persistent configuration could cause future automated messages or issue updates to go to the wrong place or apply to the wrong project.

Why it was flagged

The stored configuration can include repositories, notification channels, reminder aggressiveness, and user-to-handle mappings, but the visible artifact does not describe validation, retention, or safe reuse boundaries.

Skill content

Store configuration in workspace memory for persistence.

Recommendation

Store only minimal scoped configuration, show it before reuse, require confirmation for changes, and provide an easy way to view, edit, and delete the persisted settings.

What this means

A false CI failure, bad issue link, or incorrect user mapping could create confusing notifications and incorrect ticket updates across the team.

Why it was flagged

The skill is designed to propagate events from CI/GitHub into messaging and issue trackers. Without containment controls, one wrong match or noisy CI event could cascade across multiple systems.

Skill content

when CI fails, automatically link it to the PR, notify the right Slack channel, and update the ticket

Recommendation

Add validation steps, confidence thresholds, deduplication, rate limits, and user approval before cross-system mutations.

What this means

The skill may keep sending summaries or reminders on a schedule if the user enables cron.

Why it was flagged

Recurring cron behavior is disclosed and purpose-aligned, but it means the agent may continue running scheduled DevOps checks and reminders after initial setup.

Skill content

Generate a team-level development summary on demand or via cron

Recommendation

Only enable scheduled runs after reviewing the exact prompts, frequency, destination channels, and permissions, and ensure there is a clear disable path.

What this means

Users may not realize the skill relies on preconfigured local or account tools until the agent tries to use them.

Why it was flagged

The instruction file names external tool dependencies, while the registry requirements list no required binaries, credentials, or config paths. This is under-declared setup rather than direct malicious behavior.

Skill content

Required Tools
- `gh` CLI (GitHub) — for repo activity, PRs, issues, CI status
- At least one messaging channel configured

Recommendation

Declare required tools and credential expectations in metadata and document the exact permissions needed for read-only versus write actions.