Gitea Actions
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: gitea-actions
Version: 0.1.0

The skill is designed to interact with Gitea/Forgejo Actions. It uses `node:child_process.spawn` to execute `curl`, but the arguments are passed as an array rather than a shell string, so no shell parses them and shell metacharacters in user input have no effect. User-controlled inputs (owner, repo, workflow) are URL-encoded or JSON-stringified before being embedded in the request URL or body, so they cannot turn into separate `curl` arguments either. The sensitive environment variables (`GITEA_URL`, `GITEA_TOKEN`) are read because the skill needs them and are not exfiltrated. The `SKILL.md` file contains no prompt-injection attempts or instructions for the agent to perform malicious actions. The code aligns with its stated purpose and shows neither malicious intent nor significant vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes. The observations below come from that review.
Impact: A mistaken or autonomous call that omits `action` but includes workflow details could start CI/CD jobs or deployments unexpectedly.
Detail: The mutating workflow-dispatch path is selected by default when `action` is omitted and performs a POST to the dispatch endpoint.
Evidence: `const action = input.action || "dispatch"; ... "-X", "POST", ... url, "-d", body`
Recommendation: Require `action: "dispatch"` explicitly, add user confirmation for workflow dispatches, and document the allowed owner/repo/workflow/ref scopes.
Impact: Users may not be clearly warned that they are granting repository workflow authority, and using an `http://` URL sends the API token in cleartext, exposing it to anyone on the network path.
Detail: The skill requires a sensitive API token and gives a non-HTTPS URL example, while the registry metadata declares no environment variables or primary credential.
Evidence (from `SKILL.md`):
- `GITEA_URL` - Gitea API URL (e.g., `http://8.137.50.76:10000`)
- `GITEA_TOKEN` - Gitea API token
Recommendation: Declare `GITEA_TOKEN` and `GITEA_URL` in the metadata, recommend HTTPS-only URLs (and reject plain `http://` in code), and instruct users to use a least-privilege token limited to the intended repositories and workflow actions.
Impact: The skill depends on the local `curl` binary and the `PATH` environment; `spawn("curl", ...)` runs whichever `curl` is found first on `PATH`, so if the binary is missing or replaced the skill may fail or run unexpected local code.
Detail: The skill launches a local `curl` process to perform API requests; this is aligned with its purpose but is not reflected in the declared requirements.
Evidence: `const { spawn } = require("node:child_process"); ... const p = spawn("curl", args, { env: process.env });`
Recommendation: Declare `curl` as a required binary or replace it with a built-in Node HTTP client, and continue avoiding shell-string execution.
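As an added example (not the skill's own code and not ClawScan output), the three observations above can be addressed in one request-building step: a missing `action` is rejected instead of defaulting to dispatch, dispatch additionally needs `confirm: true`, `GITEA_URL` must be HTTPS, the target repository must be on an operator-supplied allowlist, and the request is sent with Node's built-in `fetch` rather than a spawned `curl`. The input shape, the allowlist format, the helper names and the dispatch route (`/api/v1/repos/{owner}/{repo}/actions/workflows/{workflow}/dispatches`, GitHub-style) are assumptions for illustration; verify the route against your Gitea/Forgejo server's API documentation.

```javascript
// Added example, not the gitea-actions skill's code. Input shape, allowlist
// format, helper names and the dispatch route are assumptions for illustration.

const ALLOWED_ACTIONS = new Set(["list", "dispatch"]);
const SEGMENT = /^[A-Za-z0-9._-]+$/;      // owner, repo, workflow file name
const REF = /^[A-Za-z0-9._\/-]+$/;        // branch or tag name

function requireMatch(name, value, re) {
  // Reject anything that is not a plain string of the expected shape.
  if (typeof value !== "string" || !re.test(value) || value.includes("..")) {
    throw new Error(`invalid ${name}: ${JSON.stringify(value)}`);
  }
  return value;
}

// Pure function: returns the request to send, or throws. It never touches the
// network, so it can be exercised offline with constructed input.
function buildRequest(input, env, allowlist) {
  // Observation 1: the skill fell back to "dispatch" when action was missing.
  // Here a missing or unknown action is an error, never a mutating default.
  if (!ALLOWED_ACTIONS.has(input.action)) {
    throw new Error(`action must be one of: ${[...ALLOWED_ACTIONS].join(", ")}`);
  }

  // Observation 2: the token is required and must not travel over plain HTTP.
  const token = env.GITEA_TOKEN;
  if (!token) throw new Error("GITEA_TOKEN is not set");
  let base;
  try { base = new URL(env.GITEA_URL); } catch { throw new Error("GITEA_URL is not a valid URL"); }
  if (base.protocol !== "https:") throw new Error("GITEA_URL must use https://");
  const root = base.href.replace(/\/+$/, "");

  const owner = requireMatch("owner", input.owner, SEGMENT);
  const repo = requireMatch("repo", input.repo, SEGMENT);
  const scope = `${owner}/${repo}`;
  if (!allowlist.has(scope)) throw new Error(`${scope} is not an allowed repository`);

  const repoPath = `/api/v1/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`;
  const headers = { Authorization: `token ${token}`, Accept: "application/json" };

  if (input.action === "list") {
    return { method: "GET", url: `${root}${repoPath}/actions/workflows`, headers, body: null };
  }

  // dispatch is mutating, so it also needs a confirmation flag that an agent
  // cannot satisfy by accident.
  if (input.confirm !== true) throw new Error("dispatch requires confirm: true");
  const workflow = requireMatch("workflow", input.workflow, SEGMENT);
  const ref = requireMatch("ref", input.ref, REF);
  const body = JSON.stringify({ ref, inputs: input.inputs ?? {} });
  return {
    method: "POST",
    url: `${root}${repoPath}/actions/workflows/${encodeURIComponent(workflow)}/dispatches`,
    headers: { ...headers, "Content-Type": "application/json" },
    body,
  };
}

// Observation 3: send with the runtime's own HTTP client (Node 18+ global fetch)
// so the skill no longer depends on whatever "curl" resolves to on PATH.
async function send(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error(`Gitea API returned HTTP ${res.status}`);
  return res.status === 204 ? null : res.json();
}

// Constructed sample input; send() is deliberately not called here.
const sampleEnv = { GITEA_URL: "https://gitea.example.com", GITEA_TOKEN: "example-token" };
const sampleAllowlist = new Set(["acme/web"]);
const demo = buildRequest(
  { action: "dispatch", owner: "acme", repo: "web", workflow: "ci.yml", ref: "main", confirm: true },
  sampleEnv, sampleAllowlist);
console.log(demo.method, demo.url);
```

The allowlist is deliberately supplied by the operator rather than read from the agent's input, so a prompt-injected or mistaken call cannot widen its own scope; the same applies to `confirm`, which should be set by the user-facing layer, not copied from model output.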
