Back to skill
v1.0.0
Skylv Gh Actions Automation
BenignClawScan verdict for this skill. Analyzed May 2, 2026, 10:49 PM.
Analysis
This instruction-only skill provides straightforward GitHub Actions CI templates, with no hidden code or credential requirements.
GuidanceThis skill appears safe to use as a workflow-template helper. Before installing or using the generated output, review the YAML, confirm the CI triggers are desired, and consider your organization’s policy for pinning GitHub Actions versions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Abnormal behavior control
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
uses: actions/checkout@v4 ... uses: actions/setup-node@v4 ... uses: actions/setup-python@v5
The generated workflows depend on external GitHub Actions referenced by version tags rather than immutable commit SHAs.
User impactThe generated CI workflow will rely on externally maintained actions, so future changes to those actions could affect builds.
RecommendationReview generated workflows before committing them, and consider pinning actions according to your repository's supply-chain policy.
Cascading Failures
SeverityLowConfidenceHighStatusNote
SKILL.md
on: [push, pull_request] ... run: npm ci ... run: npm test ... run: pip install -r requirements.txt ... run: pytest
The templates define automation that runs dependency installation and test commands automatically on repository events.
User impactOnce added to a repository, the workflow may run on pushes and pull requests and can affect CI results or consume CI minutes.
RecommendationConfirm the trigger events and commands match the project before adding the workflow to a repository.