Gitea Workflow Dispatch

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to do what it claims (trigger a Gitea/Forgejo workflow dispatch), but it holds a Gitea/Forgejo API token and can start workflows that may deploy to or change systems.

Before installing, confirm you trust the skill with a Gitea/Forgejo token, and give it a dedicated least-privilege token scoped to the intended repositories with only the permissions workflow dispatch needs. Treat workflow dispatch as a potentially high-impact action, especially for deployment workflows, and use dryRun or explicit user confirmation before a real dispatch.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process). The call is child_process.spawn with an argument array, not a shell string, so the practical concerns are the undeclared curl dependency and the token passed on the curl command line (see the curl finding under Risk analysis).

VirusTotal

65/65 vendors reported this skill as clean (0 detections).

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with the wrong repository, workflow, ref, or inputs, it could start an unintended automation job.

Why it was flagged

The skill can trigger any workflow in any repository the token can reach via the dispatch API. This is the stated purpose, but a dispatched workflow can run CI/CD jobs or deployments, so a wrong owner, repo, workflow, ref, or input set has real-world effect.

Skill content

const url = `${GITEA_URL}/api/v1/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}` +
              `/actions/workflows/${encodeURIComponent(workflow)}/dispatches`;

Recommendation

Use the skill only for workflows you intend to run, prefer dryRun first, and consider limiting the Gitea token to the minimum repositories and permissions needed.

What this means

The skill can act on Gitea/Forgejo with whatever workflow-dispatch permissions the configured token has.

Why it was flagged

The skill sends the Gitea token in an Authorization header to perform the workflow dispatch. This is expected for the integration, but the skill can then do anything the token's account is allowed to do, not only dispatch workflows, because Gitea enforces the token's scopes, not the skill's stated purpose.

Skill content

"-H", `Authorization: token ${GITEA_TOKEN}`,

Recommendation

Create a dedicated least-privilege token for only the intended Gitea/Forgejo instance and repositories.

What this means

The skill may fail if curl is not installed, and users should understand it runs a local subprocess to make the request.

Why it was flagged

The implementation launches the local curl binary to make the API request. This is purpose-aligned and does not pass a shell string (spawn with an argument array), but curl is an executable dependency not declared in the SKILL.md requirements, and the token is handed to curl as a command-line argument, where it is visible to anyone who can read the local process list while the request runs.

Skill content

const p = spawn("curl", args, { env: process.env });

Recommendation

Ensure curl is installed and trusted, or prefer an implementation that uses Node's built-in HTTP/fetch APIs and declares all runtime dependencies.
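As an added example of the pattern the three findings above recommend (this is not code from the scanned skill or from ClawScan), the helper below dispatches a workflow with Node's built-in fetch instead of a curl subprocess, refuses repositories outside an explicit allowlist, supports a dryRun that builds the request without sending it, and never prints the token. The endpoint path and the `Authorization: token` header are the ones shown in the finding excerpts; the allowlist contents, option names, sample values, and the assumption that a successful dispatch returns an empty 2xx response are constructed for illustration.

```javascript
// Added example (not the scanned skill's code): a Gitea/Forgejo workflow
// dispatch helper that uses Node's built-in fetch (Node 18+), an explicit
// repository allowlist, and a dryRun mode. Allowlist entries, option names
// and sample values below are constructed for illustration.

// Constructed allowlist: only these owner/repo pairs may be dispatched.
const DISPATCH_ALLOWLIST = new Set(["acme/website"]);

// Build the dispatch endpoint, encoding each path segment so a value such
// as "a/b" or "../x" cannot escape the segment it belongs to.
function buildDispatchUrl(giteaUrl, owner, repo, workflow) {
  const base = giteaUrl.replace(/\/+$/, "");
  return `${base}/api/v1/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}` +
         `/actions/workflows/${encodeURIComponent(workflow)}/dispatches`;
}

// Validate inputs and describe the exact request that would be sent.
// Throws (and sends nothing) when a field is missing or the target
// repository is not allowlisted.
function planDispatch({ giteaUrl, token, owner, repo, workflow, ref, inputs = {} },
                      allowlist = DISPATCH_ALLOWLIST) {
  const required = { giteaUrl, token, owner, repo, workflow, ref };
  for (const [name, value] of Object.entries(required)) {
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing or invalid ${name}`);
    }
  }
  const target = `${owner}/${repo}`;
  if (!allowlist.has(target)) {
    throw new Error(`refusing to dispatch: ${target} is not in the allowlist`);
  }
  return {
    method: "POST",
    url: buildDispatchUrl(giteaUrl, owner, repo, workflow),
    headers: {
      Authorization: `token ${token}`,
      "Content-Type": "application/json",
      Accept: "application/json",
    },
    body: { ref, inputs },
  };
}

// Copy of a plan that is safe to show or log: the token never appears.
function redactPlan(plan) {
  return { ...plan, headers: { ...plan.headers, Authorization: "token [redacted]" } };
}

// Perform the dispatch in-process (no curl, no argv exposure of the token).
// With dryRun the redacted plan is returned and no request is made.
async function dispatchWorkflow(opts, { dryRun = false, fetchImpl = globalThis.fetch } = {}) {
  const plan = planDispatch(opts);
  if (dryRun) return { dispatched: false, plan: redactPlan(plan) };
  const res = await fetchImpl(plan.url, {
    method: plan.method,
    headers: plan.headers,
    body: JSON.stringify(plan.body),
  });
  // Assumption: a successful dispatch is an empty 2xx response; anything
  // else is a failure, and the body is kept for diagnosis.
  if (!res.ok) {
    const text = await res.text();
    throw new Error(`dispatch failed: HTTP ${res.status} ${text}`);
  }
  return { dispatched: true, status: res.status, plan: redactPlan(plan) };
}

// Constructed sample options. The token comes from the environment and is
// only ever placed in a request header, never on a command line.
const sampleOpts = {
  giteaUrl: "https://git.example.com/",
  token: process.env.GITEA_TOKEN ?? "example-token",
  owner: "acme",
  repo: "website",
  workflow: "deploy.yml",
  ref: "main",
  inputs: { environment: "staging" },
};

// Dry run first: shows the request that would be sent, token redacted.
dispatchWorkflow(sampleOpts, { dryRun: true })
  .then((r) => console.log(JSON.stringify(r, null, 2)));
```

The split between planDispatch and dispatchWorkflow is deliberate: the allowlist and field checks run before any network or token use, the dryRun output is exactly the request that a real run would send, and a unit test can cover the validation without a live Gitea instance.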