← 返回 Skills 市场

Github Actions Gen

Name: Github Actions Gen
Author: ckchzh

作者 BytesAgain2 · GitHub ↗ · v3.0.0 · MIT-0

cross-platform ⚠ suspicious

388

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-actions-gen

功能描述

Generate GitHub Actions workflow YAML files for CI/CD. Use when setting up automated pipelines.

使用说明 (SKILL.md)

github-actions-gen

Generate GitHub Actions workflow YAML files for CI/CD. Use when setting up automated pipelines.

Commands

`create`

scripts/script.sh create \x3Ctype>

`template`

scripts/script.sh template \x3Clanguage>

`lint`

scripts/script.sh lint \x3Cfile>

`list`

scripts/script.sh list

`optimize`

scripts/script.sh optimize \x3Cfile>

`secrets`

scripts/script.sh secrets \x3Cfile>

Data Storage

Data stored in ~/.local/share/github-actions-gen/.

Powered by BytesAgain | bytesagain.com | [email protected]

安全使用建议

This skill appears to do what it says: run the bundled shell script to produce or inspect GitHub Actions YAML. Before installing or executing, review scripts/script.sh yourself (it is included) to ensure you accept running a local shell script. Note the script will create ~/.local/share/github-actions-gen (benign). The script's templates and help text are simplistic and some listed types/languages are not implemented — expect limited functionality. Only run the skill if you trust the BytesAgain source; avoid running it on repositories with sensitive data unless you inspect its behavior first.

功能分析

Type: OpenClaw Skill Name: github-actions-gen Version: 3.0.0 The script 'scripts/script.sh' contains multiple shell injection vulnerabilities due to unquoted variables and improper argument handling in functions like 'cmd_lint', 'cmd_optimize', and 'cmd_secrets'. Specifically, the script uses '$2' without quotes in file-system operations and grep commands, which could allow arbitrary command execution if a crafted filename is provided. While these appear to be unintentional logic errors (off-by-one argument indexing after a shift), the high-risk nature of the resulting vulnerabilities meets the criteria for a suspicious classification.

能力评估

✓ Purpose & Capability

Name/description match the included script and commands. The SKILL.md maps directly to scripts/script.sh which implements create, template, lint, list, optimize, and secrets actions aimed at GitHub Actions YAML generation and checks. The requested capabilities (none) are appropriate for the stated purpose.

ℹ Instruction Scope

Instructions ask the agent to run the local shell script with user-supplied arguments; the script only reads files given as arguments and uses $HOME to create a data directory. There is no network exfiltration or access to unrelated system credentials. Minor scope mismatch: SKILL.md/list output mentions a few types/languages (e.g., test, lint, go, release, docker) that the create/template handlers do not actually implement — this is a correctness/usability issue, not a security issue.

✓ Install Mechanism

No install spec and no downloads; the skill is effectively instruction + one bundled script. This is low risk because nothing is fetched from the network or installed automatically.

✓ Credentials

The skill declares no environment variables or credentials. The bundled script similarly does not read secrets or external credentials. It creates a data directory under ~/.local/share/github-actions-gen but does not write any sensitive tokens. Proportional.

✓ Persistence & Privilege

always is false and the skill does not request privileged or persistent system changes. It creates its own data directory in the user's home, which is normal for user-level tools.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-actions-gen
安装完成后，直接呼叫该 Skill 的名称或使用 /github-actions-gen 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v3.0.0

v3.0.0: Complete rewrite with real functionality.

v2.0.1

update

v2.0.0

v2.5 standard: Use-when desc, homepage, source, security fix

v2.3.4

old template -> domain-specific v2.0.0

v2.3.3

old template -> domain-specific v2.0.0

v2.3.2

Quality upgrade

v2.3.1

De-template, unique content, script cleanup

v2.3.0

Quality fixes: removed third-party references, aligned docs with implementation

v2.2.0

Enhanced descriptions for better AI triggering

v1.0.0

Initial release of github-actions-gen - Generate production-ready GitHub Actions CI/CD workflow files for Node.js, Python, Docker, Terraform, Go, and Rust. - Supports matrix builds, dependency caching, artifact management, deployment pipelines, environment secrets, and reusable workflows. - Provides commands for generating CI, CD, Docker, Terraform, matrix, release, cron, and reusable workflows. - Includes usage examples and best practices for testing, building, linting, and deploying applications.

元数据

Slug github-actions-gen

版本 3.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 10

常见问题