ClawHub

Easy CI/CD

v1.0.0

Build lightweight, minimal CI/CD scaffolding around a small project. Use when asked to add or simplify GitHub Actions, create a fast CI pipeline, add a minim...

0· 104·0 current·0 all-time
byYi@hyharry
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the actual content: guidance and templates for minimal CI/CD pipelines, GitHub Actions, and Dockerfiles. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md stays within scope: it instructs the agent to inspect the repository (detect language, read README/config), choose minimal pipelines, and prefer not to add secrets, cloud deploys, or registries unless explicitly asked. Reading repo files and running repo tests is appropriate for this purpose; there are no instructions to read unrelated system files or exfiltrate data.
Install Mechanism
There is no install specification and no code files — this is instruction-only. Nothing is downloaded or written by an installer, so install risk is minimal.
Credentials
The skill requests no environment variables or credentials. Built-in guidance explicitly discourages adding secret-dependent steps unless requested, so credential requests would be proportional and user-driven.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not request persistent privileges or modify other skills' configs. Autonomous invocation is allowed by default but not combined with other red flags.
Assessment
This skill is coherent and safe as an authoring/helper guide for minimal CI/CD. Before applying any generated workflow or Dockerfile: review the YAML/Dockerfile yourself, and don't merge workflows that add secret-dependent deploy steps unless you requested those. If you will execute generated checks locally or allow the agent to run commands, remember those actions run project code — inspect for unsafe scripts. Also consider pinning third-party actions to fixed versions and review any action sources before trusting them (avoid action versions that point to moving tags if you need reproducible security). If you want the skill to add cloud deploys or secret-handling steps, only provide explicit instructions and the minimal credentials required, and review those steps carefully.

Like a lobster shell, security has layers — review code before you run it.

latestvk971rq5n0v18e96h92qp9jjrad83dbw2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments