ClawHub

CI/CD Generator

v1.0.0

Generate GitHub Actions CI/CD pipelines tailored to the current project. Use when the user says 'set up CI', 'create pipeline', 'github actions', 'CI/CD', 'd...

0· 46·0 current·0 all-time
bySamih Mansour@llcsamih
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (CI/CD Generator for GitHub Actions) matches the SKILL.md: it inspects project files and generates workflow files. Required capabilities (reading repo files, creating .github/workflows entries) are consistent with the stated purpose.
Instruction Scope
Instructions explicitly tell the agent to read project-root files (package.json, pyproject.toml, Dockerfile, etc.) and create workflow files. This is expected for generating CI. Note: the SKILL.md does not describe how generated files are committed/pushed or how deployment credentials are obtained — it prompts the user for deploy target but does not request or manage secrets itself.
Install Mechanism
No install spec and no code files (instruction-only). This minimizes disk-write/install risk — the skill only provides runtime instructions.
Credentials
The skill requests no environment variables or credentials, which is proportionate for generating workflow content. However, some deploy targets mentioned (ECR, Docker Hub, VPS via SSH, Railway, Vercel) normally require credentials/secrets to actually deploy; the skill leaves secret management to the user/platform. That is reasonable but users should be aware the generated workflows may require adding secrets to GitHub.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills/config. It only instructs generation of workflow files in the repo scope.
Assessment
This skill is coherent for generating GitHub Actions workflows, but review the outputs before committing: it will read your repository to detect stack and create .github/workflows files that run CI in your repo. If you choose deploy targets (ECR, Docker Hub, VPS, Vercel, Railway), you will need to add appropriate secrets to GitHub Actions (e.g., DOCKER_USERNAME/DOCKER_PASSWORD, AWS credentials, SSH keys) — the skill doesn't request or store those. Check the generated workflows for: pinned action versions, unwanted environment variables or secret exposures, and any commands that run untrusted code. If you want the skill to also push commits or add secrets, verify how the agent/platform will perform those actions and grant only the minimal permissions required.

Like a lobster shell, security has layers — review code before you run it.

latestvk974kkww797dvx8abb9v8bj1nh84f4z2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments