ClawHub

CI/CD Pipeline

v1.0.0

Create, debug, and manage CI/CD pipelines with GitHub Actions. Use when the user needs to set up automated testing, deployment, releases, or workflows. Covers workflow syntax, common patterns, secrets management, caching, matrix builds, and troubleshooting.

2· 4k·31 current·31 all-time
by@gitgoodordietrying
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (GitHub Actions CI/CD) aligns with the content: workflow examples, secrets usage, matrix builds, caching, deployment and debugging patterns. Declared optional binaries (gh, git) are reasonable for a GitHub-focused helper.
Instruction Scope
SKILL.md contains only workflow examples and guidance. It references running repository scripts (e.g., ./deploy.sh) and using GitHub secrets in workflows (e.g., secrets.DEPLOY_TOKEN, GITHUB_TOKEN) — normal for CI guidance but reminds you to review any repo scripts and referenced third-party actions before running them.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The YAML examples show usage of GitHub secrets (as expected for CI) but the skill does not request local secrets or unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent/system-wide privileges or modify other skills' configs.
Assessment
This is a documentation-style skill for authoring GitHub Actions workflows and appears internally consistent. Before applying suggested workflows to a repository, review any referenced scripts (deploy.sh, build scripts) and third-party actions used (e.g., softprops/action-gh-release, docker/* actions) for supply-chain or privilege risks. Ensure you grant least-privilege permissions to GITHUB_TOKEN and repository secrets, and verify any deploy tokens or registry credentials are stored securely in GitHub Secrets rather than committed. If you allow the agent to run local gh/git commands, be aware it may interact with your local repo; only permit that if you trust the agent's actions.

Like a lobster shell, security has layers — review code before you run it.

latestvk978gc33qaqtmxxp48g97pra9n80f88v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
OSLinux · macOS · Windows
Any bingh, git

Comments