ClawHub

Ci Cd Compliance

v1.0.0

CI/CD pipeline requirements and deployment standards. Use when (1) Setting up CI/CD pipelines, (2) Debugging CI failures, (3) Configuring deployment workflow...

0· 107·1 current·1 all-time
byToby Morning@urbantech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description align with the instructions in SKILL.md: CI gate ordering, merge policy, failure handling, and IDE integration. It does not request unrelated binaries, credentials, or installs.
Instruction Scope
SKILL.md stays on-topic for CI/CD guidance, but it references 'references/pipeline-requirements.md' which is not present in the bundle and tells the agent to attach artifacts (test output, logs, screenshots) and use IDE terminals; this can lead the agent to read or operate on repository files or invoke commands in the environment — verify what repository access you grant and whether the referenced file exists.
Install Mechanism
No install spec and no code files are present; lowest-risk instruction-only deployment with nothing written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested; requirements are minimal and proportionate to a documentation/guide skill.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or elevated platform privileges.
Assessment
This skill is an instruction-only CI/CD guide and appears coherent. Before installing or enabling it, check the following: (1) Confirm the referenced 'references/pipeline-requirements.md' actually exists in your repo or workspace — otherwise the guidance may be incomplete; (2) Be aware the skill's instructions encourage attaching artifacts and using IDE terminals, which may prompt the agent to read repository files or execute commands — only give the agent repository/terminal access if you trust it and review its proposed commands; (3) The skill does not request credentials, but always review any PR comments or automated actions it generates before posting or merging. If you want higher assurance, ask the publisher for the missing reference file or an explicit list of safe commands the agent will run.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d2e54cqmc2v1y96dqt03sen83g94j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments