← 返回 Skills 市场

CircleCI Config Validator

Name: CircleCI Config Validator
Author: charlie-morrison

作者 charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

122

总下载

当前安装

版本数

在 OpenClaw 中安装

/install circleci-config-validator

功能描述

Validate .circleci/config.yml files for syntax, structure, security, and best practices. Use when validating CircleCI pipeline configuration, auditing CI/CD...

使用说明 (SKILL.md)

circleci-config-validator

A pure Python 3 (stdlib + PyYAML) validator for .circleci/config.yml files covering 22 rules across 5 categories.

Commands

python3 scripts/circleci_config_validator.py \x3Ccommand> [options] FILE

Command	Description
`validate`	Full validation — all 22 rules
`check`	Quick syntax + structure check only
`jobs`	List all jobs with executor type and step count
`graph`	Show workflow dependency graph as text

Options

Option	Description
`--format text\|json\|summary`	Output format (default: text)
`--strict`	Treat warnings as errors (exit 1)

Rules

ID	Category	Sev	Description
S001	Structure	E	YAML syntax error
S002	Structure	E	Missing `version` key
S003	Structure	E	Invalid version (must be 2 or 2.1)
S004	Structure	W	Missing `jobs` or `workflows` section
S005	Structure	W	Unknown top-level keys
J001	Jobs	E	Job missing execution environment
J002	Jobs	E	Job missing `steps`
J003	Jobs	W	Empty steps list
J004	Jobs	W	Unknown step name
J005	Jobs	E	`run` step missing `command`
W001	Workflows	E	Workflow references undefined job
W002	Workflows	E	Circular job dependency via `requires`
W003	Workflows	E	`requires` references undefined job
W004	Workflows	W	Empty workflow (no jobs)
SEC1	Security	E	Hardcoded secret in environment variable
SEC2	Security	W	`setup_remote_docker` without version pin
SEC3	Security	W	Deprecated `deploy` step used
SEC4	Security	I	`context` used without branch filters
B001	Best Practices	I	Missing `resource_class`
B002	Best Practices	I	No `working_directory` set
B003	Best Practices	W	`save_cache` without matching `restore_cache`
B004	Best Practices	W	Docker image using `latest` tag

Examples

# Full validation
python3 scripts/circleci_config_validator.py validate .circleci/config.yml

# Quick syntax check
python3 scripts/circleci_config_validator.py check .circleci/config.yml

# JSON output for CI
python3 scripts/circleci_config_validator.py --format json validate .circleci/config.yml

# One-line pass/fail
python3 scripts/circleci_config_validator.py --format summary validate .circleci/config.yml

# Strict mode (warnings = errors)
python3 scripts/circleci_config_validator.py --strict validate .circleci/config.yml

# List jobs
python3 scripts/circleci_config_validator.py jobs .circleci/config.yml

# Dependency graph
python3 scripts/circleci_config_validator.py graph .circleci/config.yml

Exit Codes

0 — No errors (warnings may exist)
1 — Errors found (or warnings in --strict mode)
2 — File not found or YAML parse error

Requirements

Python 3.7+
PyYAML (falls back to graceful error if unavailable)

安全使用建议

This skill appears coherent and focused: it reads and validates CircleCI YAML files and flags structural, best-practice, and secret-related issues. Because it includes an executable Python script, review the script yourself (or run it in an isolated/sandboxed environment) before installing or allowing autonomous execution. Confirm PyYAML is available if you want parsing to work. If you need absolute assurance, provide the full untruncated source for review or run the script in a disposable container to observe behavior (network activity, filesystem accesses) before integrating it into CI automation.

功能分析

Type: OpenClaw Skill Name: circleci-config-validator Version: 1.0.0 The circleci-config-validator skill is a legitimate tool for linting and auditing CircleCI configuration files. The core logic in `scripts/circleci_config_validator.py` uses `yaml.safe_load` to prevent YAML-based injection attacks and implements 22 validation rules, including security checks for hardcoded secrets and unpinned Docker images. No evidence of data exfiltration, malicious execution, or prompt injection was found.

能力评估

✓ Purpose & Capability

Name/description claim to validate CircleCI config files and the package includes a Python script that parses and checks .circleci/config.yml contents using YAML rules and heuristics. There are no unrelated required binaries, env vars, or config paths.

✓ Instruction Scope

SKILL.md explicitly instructs running the included Python script with commands like `validate`, `check`, `jobs`, and `graph`. The instructions and the visible script only reference the target config file and do not direct the agent to read unrelated system files or transmit data externally.

✓ Install Mechanism

No install spec is present (instruction-only installation). The code is bundled as a local Python script and has an optional dependency on PyYAML (graceful error if missing). No external downloads or archive extraction are used.

✓ Credentials

The skill does not declare or require any environment variables, credentials, or config paths. The script contains regexes to detect hardcoded secrets in the config file (expected for a linter).

✓ Persistence & Privilege

The skill is not forced-always, does not request elevated persistence, and there is no indication it modifies other skills or global agent settings.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install circleci-config-validator
安装完成后，直接呼叫该 Skill 的名称或使用 /circleci-config-validator 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: validate .circleci/config.yml. 22 rules across structure, jobs, workflows, security, best practices. 4 commands, 3 output formats.

元数据

Slug circleci-config-validator

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题