ClawHub

Github Webhook Architect

v1.1.2

Guides users through configuring OpenClaw, Nginx, and GitHub Actions to establish a secure, autonomous GitHub integration pipeline.

0· 105·0 current·0 all-time
byPatrik Ekenberg@patello
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the content of SKILL.md: guidance for configuring OpenClaw, Nginx, and GitHub Actions. The guidance reasonably includes creating openclaw.json mappings, Nginx server blocks, and GitHub Action YAML plus use of GitHub Secrets. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
SKILL.md stays on-topic and repeatedly instructs the agent to explain steps and to require explicit user authorization before performing config edits or executing system tools. It does permit (optionally) inspecting or writing configuration files and using system tools (nginx, ufw, certbot) if present — which is appropriate for configuring webhooks but is an elevated action that requires explicit user consent and careful review before the agent is allowed to act.
Install Mechanism
There is no install spec and no code files included — the skill is instruction-only, so it does not download or install software. This minimizes on-disk risk.
Credentials
The skill requests no local environment variables or credentials. It correctly instructs users to store tokens in GitHub repository Secrets (OPENCLAW_HOOKS_URL, OPENCLAW_HOOK_TOKEN, OPENCLAW_AGENT_ID) rather than exposing them locally. The required secrets are proportional to the purpose.
Persistence & Privilege
always is false and the skill requests no persistent system presence. The SKILL.md instructs against autonomous actions without explicit user authorization. While model invocation is permitted by default on the platform, that alone is not sufficient grounds for concern here.
Assessment
This skill is an instruction-only guide and appears coherent for setting up a GitHub -> Nginx -> OpenClaw webhook pipeline. Before using it, review these practical precautions: (1) Only allow the agent to write or execute server configs after you explicitly authorize it; prefer manual edits unless you trust the exact changes. (2) Ensure OpenClaw is bound to 127.0.0.1 as recommended and back up existing Nginx configs before applying changes. (3) Store tokens as GitHub repository Secrets (not local files), and rotate any token exposed during HTTP testing immediately. (4) Test in a staging environment and validate that Nginx proxy_pass paths and trailing-slash behavior match OpenClaw mappings. (5) Note the skill source/homepage is unknown — because it has no code or install steps, risk is limited to following its instructions; still exercise usual caution and verify any config snippets before applying them.

Like a lobster shell, security has layers — review code before you run it.

latestvk973xsfb244jqns2p7rc8gw2ws84dpm0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments