Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Peter Ci Gate

v1.1.0

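CI green-light gate. It checks remote check status, locates failures, applies a single-rerun policy, and reports whether the PR is mergeable.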

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (PR CI gating) matches the runtime instructions (gh pr view, gh pr checks, gh run list/view/rerun). However the SKILL.md assumes availability of the GitHub CLI (gh) and an authenticated GitHub session; the skill metadata declares no required binaries or credentials. Declaring gh and expected auth would be proportionate and clearer.
Instruction Scope
Instructions are narrowly scoped to inspecting PR/checks and optionally rerunning a failed workflow once. They do not ask the agent to read unrelated files, exfiltrate data, or contact external endpoints beyond GitHub (via gh). The rerun action is explicitly single-run and the doc includes guardrails (do not treat rerun as root-cause fix).
Install Mechanism
No install steps or code are provided (instruction-only), so nothing is written to disk or fetched during install. This minimizes install risk.
Credentials
No environment variables or credentials are declared, but the gh commands require GitHub authentication (gh auth or a configured token). The skill should state that the agent needs a GitHub-authenticated gh on PATH and clarify the required token scopes (read checks, rerun workflows). Without that disclosure, users may unknowingly grant the agent broad GitHub access.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system presence or modification of other skills. Autonomous invocation is allowed by platform default but is not an additional privilege requested by the skill itself.
Assessment
This skill is coherent with its stated purpose of judging whether a PR's CI is mergeable. Before installing or enabling it, ensure the agent environment has the GitHub CLI (gh) on PATH and a GitHub credential configured with the minimal scopes needed (read checks, list runs, rerun workflow). Confirm who controls that credential and whether you’re comfortable letting the agent execute a single 'gh run rerun' (it can consume CI minutes and trigger actions in your repos). If you want more safety, require explicit human confirmation before performing reruns or limit the credential to read-only scopes (then perform reruns manually).


latest: vk97fgns0dbvr01aj6f5v4sf99s826km0
350 downloads
0 stars
1 version
Updated 7h ago
v1.1.0
MIT-0

Peter CI Gate

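30-second overview

A remote CI verdict for the question "can this PR be merged?".

It focuses on 3 things:

  1. Getting a clear view of the current checks status
  2. Deciding whether a failure is a code problem or an intermittent fluctuation
  3. Giving an executable action (fix or a single rerun)

When to use

  • The user says "take a look at CI", "why didn't it pass", or "can this be merged"
  • The PR is close to merging and needs an explicit gate verdict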

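Steps

  1. Get the PR and its checks status:
     gh pr view <pr> --json number,title,url,state,mergeStateStatus,headRefName
     gh pr checks <pr>
  2. On failure, get the details of the most recent workflow runs:
     branch=$(gh pr view <pr> --json headRefName --jq '.headRefName')
     gh run list --branch "$branch" --limit 20
     gh run view <run-id> --log-failed
  3. Handling policy:
     • Genuine code or test failure: mark it as blocking and give a fix suggestion
     • Clearly intermittent failure: allow one rerun
       gh run rerun <run-id>
  4. Output the gate verdict:
     • Mergeable: all required checks pass
     • Not mergeable yet: blocking items exist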

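Guardrails

  • Do not treat "rerun succeeded" as a root-cause fix.
  • Every failed item must come with evidence (job/log).
  • Do not skip required checks by default.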
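
One way to enforce the single-rerun policy above together with the scan's suggestion of explicit human confirmation before reruns, as an added example that is not part of the skill or of the ClawHub report. `GH_BIN`, `RERUN_STATE`, both function names and the constructed `name<TAB>state` input layout are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's code. GH_BIN, RERUN_STATE, the function names
# and the "name<TAB>state" input layout are assumptions made for illustration.
GH_BIN="${GH_BIN:-gh}"                               # override to stub gh
RERUN_STATE="${RERUN_STATE:-$HOME/.ci-gate-reruns}"  # run ids already rerun

# Read "name<TAB>state" lines for the required checks on stdin and print the
# verdict, then one evidence line per blocker. Only pass/skipping count as
# green; pending, fail, cancel or an empty list all block the merge.
gate_verdict() {
  awk -F '\t' '
    NF >= 2 { seen++ }
    NF >= 2 && $2 != "pass" && $2 != "skipping" { bad = bad "\n" $1 " (" $2 ")" }
    END {
      if (seen == 0)      print "BLOCKED\nno checks reported"
      else if (bad != "") print "BLOCKED" bad
      else                print "MERGEABLE"
    }'
}

# Rerun a workflow run at most once, and only with explicit confirmation.
# Returns 0 = rerun requested, 1 = bad id or gh error, 2 = already rerun,
# 3 = not confirmed.
rerun_once() {
  run_id=$1
  confirm=$2   # must be the literal string "yes"
  case $run_id in
    ''|*[!0-9]*) echo "invalid run id" >&2; return 1 ;;
  esac
  touch "$RERUN_STATE" || return 1
  if grep -qx "$run_id" "$RERUN_STATE"; then
    echo "run $run_id already rerun once; treat it as a real failure" >&2
    return 2
  fi
  if [ "$confirm" != "yes" ]; then
    echo "rerun of $run_id not confirmed" >&2
    return 3
  fi
  "$GH_BIN" run rerun "$run_id" || return 1
  echo "$run_id" >> "$RERUN_STATE"
}
```

On gh versions that support `--json` for `pr checks`, the input lines can come from `gh pr checks <pr> --required --json name,bucket --jq '.[] | [.name, .bucket] | @tsv'`.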
