GitHub Actions Generator

v1.0.0

Generate GitHub Actions workflows, with support for CI/CD, testing, deployment, and other scenarios.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md and description promise broad GitHub Actions generation (Node/Python/Go, Docker build & push, auto release, Dependabot, scheduled tasks). The included script only writes two simple workflows (ci.yml and deploy.yml), both Node-centric; it does not implement Docker, releases, Dependabot, schedules, or the CLI flags shown in the README. This is a capability mismatch and likely misleading.
Instruction Scope
Runtime instructions and usage examples show flags (e.g., --lang, --target, --registry) and multiple scenarios that the code does not support. The actual script accepts positional args ($1, $2) and ignores GNU-style flags; it only creates .github/workflows/ci.yml or deploy.yml and will overwrite those files if present. The instructions therefore overstate what the runtime will do.
Install Mechanism
No install spec and only an included bash script — nothing is downloaded from external URLs. This is low-risk from an install perspective: code is included in the skill bundle and no network install steps are present.
Credentials
The skill requests no environment variables or credentials (correct for the provided script). However, the SKILL.md claims features that typically require credentials (e.g., pushing to registries, creating Releases, Dependabot configuration) but the skill does not request or document the needed tokens — another sign of inconsistency.
Persistence & Privilege
Skill is not always-on and does not request elevated platform privileges. It only writes workflow files into the repository (expected for a generator). There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears misleading: its README lists many features and CLI flags that are not implemented in the included script. If you consider installing or running it, do the following first:
- Inspect the github-actions-generator.sh content (already included) and confirm it does what you need. It currently only writes two Node-focused workflows.
- Run it in a throwaway repository or branch (not your main production repo), and back up any existing .github/workflows files because the script will overwrite ci.yml or deploy.yml.
- If you need Docker pushes, Releases, Dependabot, or multi-language support, request an updated implementation that actually requires and documents the necessary credentials (e.g., GH_TOKEN, registry credentials) and shows how flags are parsed.
- Do not run this on a sensitive repo until you verify the generated workflows and the script behavior.

The package appears non-malicious but is inconsistent and incomplete.

Like a lobster shell, security has layers — review code before you run it.

Tags: actions, automation, cd, ci, github, latest

Runtime requirements

Clawdis
