ClawHub

GitHub Actions

v1.0.0

Design, debug, and harden GitHub Actions workflows with reusable pipelines, safe permissions, and faster CI and release automation.

0· 699·14 current·14 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided docs and runtime instructions. The only required resource is a local memory/config path (~/github-actions/), which is appropriate for an instruction-only assistant that keeps workflow context and notes.
Instruction Scope
SKILL.md and the included docs limit behavior to workflow design, debugging, and hardening. The skill explicitly instructs reading setup.md on first activation and storing non-sensitive context in ~/github-actions/. It may ask for GitHub repo access for live inspection or to apply changes — that is coherent with the purpose but is an action the user should explicitly approve.
Install Mechanism
Instruction-only skill with no install spec or code to write to disk. Optional tool recommendations (gh, jq, act) are reasonable and non-mandatory.
Credentials
No environment variables or credentials are required. The skill documents proper handling of secrets (use GitHub-managed secrets or OIDC) and explicitly instructs never to ask users to paste tokens into chat. The single required config path (~/github-actions/) is proportional for storing non-sensitive memory and defaults.
Persistence & Privilege
always is false and the skill is user-invocable. It stores data only in its own declared path and does not request system-wide or other skills' config changes. Autonomous invocation is allowed by platform default but not combined with excessive privileges here.
Assessment
This skill appears coherent: it is a documentation-driven assistant for GitHub Actions that will store non-sensitive notes under ~/github-actions/ and may ask to inspect or change repositories if you request live debugging. Before enabling: confirm you are comfortable with the agent writing to that local folder, explicitly approve any repository access or CI changes the agent proposes, and avoid pasting secrets into chat (the skill already instructs not to request tokens). If you want the agent to run live commands (gh/act), prefer granting scoped, short-lived credentials or using GitHub OIDC rather than pasting long-lived tokens.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714q41qbkd17brc0bj05n8tn82dz6c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

GHA Clawdis
OSmacOS · Linux · Windows
Config~/github-actions/

Comments