ClawHub

Gitlab Ci Linter

v1.0.0

Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask...

0· 49·0 current·0 all-time
by@charlie-morrison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the included tooling: a Python script that parses and lints .gitlab-ci.yml files. No unrelated environment variables, binaries, or cloud credentials are requested.
Instruction Scope
SKILL.md restricts runtime behavior to invoking the bundled script on local files or directories and selecting output formats. It does not instruct reading unrelated system paths, exfiltrating data, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only skill) and the linter is bundled as a pure-Python script using the standard library. No downloads, package installs, or archive extraction are declared.
Credentials
The skill declares no required environment variables, credentials, or config paths. The linter inspects YAML files for patterns like 'hardcoded-secret' but does not require or request secret values to operate.
Persistence & Privilege
Skill is not always-enabled, does not request persistent or elevated agent privileges, and does not declare any behavior that modifies other skills or system configuration.
Assessment
This bundle appears coherent: it ships a local Python linter and the SKILL.md only instructs running that script on local .gitlab-ci.yml files. Before running it on sensitive repositories, review the bundled script for any network calls or unexpected os.*/subprocess usage (the provided portion uses only stdlib parsing). Run it first in a sandbox or on a non-production copy of your repo. Note the package owner is unknown and STATUS.md lists a price—if you plan to pay or publish this, confirm the provenance. If you want higher assurance, open the entire scripts/gitlab_ci_linter.py file and grep for requests, urllib, socket, subprocess, os.environ access, or writing outside the working directory; any of those would warrant closer review.

Like a lobster shell, security has layers — review code before you run it.

latestvk974ee58e3sftf0dm90sqj2qc184rm37

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments