ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

analyze-ci

v0.1.0

Analyze failed GitHub Action jobs for a pull request.

0· 60·0 current·0 all-time
by@wu-uk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wu-uk/fix-build-agentops-analyze-ci.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "analyze-ci" (wu-uk/fix-build-agentops-analyze-ci) from ClawHub.
Skill page: https://clawhub.ai/wu-uk/fix-build-agentops-analyze-ci
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install fix-build-agentops-analyze-ci

ClawHub CLI

Package manager switcher

npx clawhub@latest install fix-build-agentops-analyze-ci
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to analyze GitHub Action logs for PRs, which matches the described usage examples. However SKILL.md relies on the GitHub CLI ('gh auth token') even though the skill declares no required binaries. That is an inconsistency between what's claimed and what's actually needed.
!
Instruction Scope
The runtime instructions are high-level and do not enumerate the exact commands or data flows. They instruct auto-detection of a GitHub token via 'gh auth token' and offer '--debug' to 'show debug info (tokens and costs)', which could cause secrets (GITHUB_TOKEN or other tokens surfaced by gh) to be printed or transmitted. The SKILL.md also says it analyzes logs 'using Claude' but the allowed-tools are Bash — the relationship between fetching logs and invoking the model is not spelled out.
Install Mechanism
Instruction-only skill with no install spec and no code files — low installation risk. Nothing is downloaded or written to disk by an installer.
!
Credentials
The skill declares no required env vars but explicitly references GITHUB_TOKEN and auto-detection via 'gh auth token'. That implies reading local credentials without declaring the dependency. The '--debug' option that shows 'tokens' increases the risk of accidental secret exposure. No unrelated credentials are requested, but the handling of the GitHub token is under-specified.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and is user-invocable only. No elevated persistence or cross-skill configuration is evident.
What to consider before installing
Before installing or running this skill: ensure the GitHub CLI (gh) is installed if you plan to use auto-detection; prefer supplying a scoped GITHUB_TOKEN rather than relying on automatic credential reads; avoid using the --debug flag in untrusted environments because it may print tokens or other sensitive information; ask the skill author for a precise list of commands the skill will run and for confirmation that tokens will not be logged or transmitted to external endpoints. If you need to be extra cautious, run the skill in an isolated environment with only a limited-scope token.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eet6bynpz9jvx9j09rw79y184xvrt
60downloads
0stars
1versions
Updated 1w ago
v0.1.0
MIT-0
@wu-uk
latest
Download

Analyze CI Failures

This skill analyzes logs from failed GitHub Action jobs using Claude.

Prerequisites

  • GitHub Token: Auto-detected via gh auth token, or set GITHUB_TOKEN env var

Usage

# Analyze all failed jobs in a PR
uv run skills analyze-ci <pr_url>

# Analyze specific job URLs directly
uv run skills analyze-ci <job_url> [job_url ...]

# Show debug info (tokens and costs)
uv run skills analyze-ci <pr_url> --debug

Output: A concise failure summary with root cause, error messages, test names, and relevant log snippets.

Examples

# Analyze CI failures for a PR
uv run skills analyze-ci https://github.com/mlflow/mlflow/pull/19601

# Analyze specific job URLs directly
uv run skills analyze-ci https://github.com/mlflow/mlflow/actions/runs/12345/job/67890

Comments

Loading comments...