GitHub Pages Auto Deploy
PassAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only GitHub Pages deployment guide; it asks users to add a normal GitHub Actions workflow, but they should review the deployment permissions and optional third-party build steps.
Before installing or using this skill, review the GitHub Actions workflow it suggests, make sure automatic publishing on push is what you want, and pin or vet any optional third-party actions or npm packages you add to the workflow.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If added to a repository, the workflow can publish that repository's website through GitHub Pages.
The suggested GitHub Actions workflow grants permission to publish to GitHub Pages and request an identity token. These permissions are expected for GitHub Pages deployment, but they are still account/repository authority.
permissions: contents: read pages: write id-token: write
Use the workflow only in repositories you intend to publish, keep branch protections appropriate, and review the GitHub Pages permissions before committing it.
Website changes can go live automatically after a matching push.
The workflow is designed to run automatically on pushes to the master branch when website files or the workflow change. That is purpose-aligned for auto-deploy, but a mistaken push could be published.
on:
push:
branches: [ master ]
paths:
- 'website/**'
- '.github/workflows/deploy-pages.yml'Confirm the branch and path filters match your release process, and consider pull requests or branch protection for sites where accidental publication would matter.
If the optional snippet is used, future builds may run whatever versions of those npm packages are current at install time.
The optional optimization example installs npm packages globally in CI without pinning exact versions. This is a common build pattern, but it introduces external package supply-chain reliance.
npm install -g html-minifier clean-css-cli uglify-js
Pin package versions or use a reviewed project lockfile for production workflows.