ClawHub
Back to skill
v1.0.0

GitHub Actions Troubleshooting

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

This instruction-only skill is coherent for troubleshooting GitHub Actions, though it can use your GitHub CLI access to view or download workflow logs and artifacts.

GuidanceInstall only if you want the agent to use gh and git for the selected repository. Make sure you are authenticated to the right GitHub account, review CI logs and downloaded artifacts before sharing them, and approve local file changes such as go.mod or go.sum updates.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Download workflow artifacts for inspection: `gh run download <run-id> --repo owner/repo` ... Run `go mod tidy` to resolve dependency conflicts

The documented workflow includes CLI commands that can download files and modify Go dependency files. This is aligned with CI troubleshooting, but should be scoped to the intended repo and reviewed before committing changes.

User impactThe agent could create local downloaded files or change go.mod/go.sum while applying fixes.
RecommendationReview downloaded artifacts and inspect local file diffs before committing, pushing, or sharing any results.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Use the `gh` CLI and Git to diagnose and fix GitHub Actions workflow failures ... `gh run view <run-id> --repo owner/repo --log-failed` ... `gh run download <run-id> --repo owner/repo`

These commands retrieve GitHub workflow status, logs, and artifacts. The GitHub CLI normally acts with the user's GitHub account permissions, so private repository CI data may be accessed.

User impactThe agent may be able to view or download workflow information from repositories your GitHub account can access.
RecommendationUse the skill only with the intended repository and GitHub account, and avoid exposing downloaded logs or artifacts unless you have reviewed them.