yunxiao-devops
WarnAudited by ClawScan on May 10, 2026.
Overview
This Yunxiao DevOps skill is purpose-aligned, but it deserves review because it can modify code/devops resources, create local SSH credentials, and run dynamic shell commands.
Install only if you are comfortable granting DevOps automation access. Use least-privileged Yunxiao tokens, review every diff/MR/deployment action before confirming, and check whether the bug-fix flow creates or uses SSH keys and external Claude/Anthropic processing.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed work item value could potentially cause local command execution in the agent environment.
The snippet runs a shell command containing a dynamic workitemId. If that value can come from a user or callback and is not strictly validated, shell metacharacters could execute unintended local commands.
execSync(`node ${import.meta.dirname}/workitem-card.mjs ${workitemId}`, { stdio: 'inherit' });Replace shell-string execSync with spawn/execFile argument arrays, and strictly validate work item IDs before use.
The skill may create or rely on a long-lived SSH credential that can access code repositories.
This creates a default SSH private key in the user's home directory with an empty passphrase. That is persistent credential material and is not clearly surfaced in the visible setup instructions.
spawnSync('ssh-keygen', ['-t', 'rsa', '-b', '4096', '-f', `${homedir()}/.ssh/id_rsa`, '-N', ''], { stdio: 'pipe' });Do not auto-create default SSH keys without explicit user approval; let users choose an existing key or create a clearly documented, passphrase-protected, scoped key.
A user click or callback can change repository state and work item status.
The skill explicitly supports pushing code, creating merge requests, merging them, and updating work item state. This is purpose-aligned but high impact.
`BUGFIX_CONFIRM_DIFF|workitemId|repoId|fixBranch|workDir` | 确认 diff → 推送 + 创建 MR ... `BUGFIX_CONFIRM_MERGE|workitemId|repoId|mrId` | 确认合并 → 合并 MR + 工作项→已修复
Review diffs, MR targets, and branch names carefully before confirming; use least-privileged Yunxiao tokens.
The skill can act with the permissions of the configured Yunxiao and Feishu credentials.
The skill requires cloud DevOps and optional Feishu credentials. This is expected for the integration, but these credentials can grant broad workspace access depending on token scope.
`YUNXIAO_TOKEN` | 云效 Personal Access Token ... `YUNXIAO_ORG_ID` ... `FEISHU_APP_ID` / `FEISHU_APP_SECRET` | 飞书 App 凭证
Use narrowly scoped, non-permanent tokens and rotate them if exposed.
Bug-fix context or repository content may be processed by an external LLM provider depending on the Claude Code workflow.
The bug-fix flow passes Anthropic credentials and provider configuration to a child process, consistent with the SKILL.md reference to Claude Code repair. Users should understand the provider/data boundary.
env: { ...process.env, ANTHROPIC_AUTH_TOKEN: process.env.ANTHROPIC_API_KEY, ANTHROPIC_BASE_URL: process.env.ANTHROPIC_BASE_URL || 'https://api.anthropic.com' }Avoid using this flow on sensitive repositories unless the external provider and data handling are acceptable.
It is harder to confirm exactly which release is being installed or reviewed.
The supplied registry metadata says version 2.5.0, while the packaged _meta.json says 1.0.3. This provenance mismatch is not malicious by itself, but it weakens review clarity.
"version": "1.0.3"
Ask the publisher to align package metadata with registry metadata and provide a source/homepage.