
Gitlab Ci Linter

Author: charlie-morrison · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 78 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install gitlab-ci-linter
Description
Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask...
Usage instructions (SKILL.md)

GitLab CI Linter

Lint GitLab CI/CD pipeline files for syntax errors, security issues, deprecated patterns, and best practices violations.

Commands

All commands use the bundled Python script at scripts/gitlab_ci_linter.py.

1. Lint a pipeline file

python3 scripts/gitlab_ci_linter.py lint <file-or-directory> [--strict] [--format text|json|markdown]

Runs all lint rules against one or more .gitlab-ci.yml files. If given a directory, scans for *.yml and *.yaml files recursively.

Flags:

  • --strict -- exit code 1 on any warning (not just errors)
  • --format -- output format: text (default), json, markdown

2. Audit for security issues

python3 scripts/gitlab_ci_linter.py security <file> [--format text|json|markdown]

Focused security audit: hardcoded secrets, unprotected variables, privileged runners, insecure Docker image tags, security jobs with allow_failure.

3. Inspect stages

python3 scripts/gitlab_ci_linter.py stages <file> [--format text|json|markdown]

Show defined stages and which jobs map to each stage. Flags undefined or unused stages.

4. Validate pipeline structure

python3 scripts/gitlab_ci_linter.py validate <file> [--format text|json|markdown]

Structural validation only: required keys, stage definitions, job keywords, dependency graph (circular needs:, missing refs).

Lint Rules (24 total)

Syntax & Structure (8 rules)

  1. missing-stages -- No stages: definition
  2. undefined-stage -- Job uses stage not in stages: list
  3. empty-job -- Job has no script: section
  4. invalid-job-name -- Job name starts with . but is not used as a template
  5. missing-script -- Job without script:, before_script:, or trigger:
  6. circular-needs -- Circular dependency in needs: graph
  7. duplicate-job -- Duplicate job names (YAML parser collapses them)
  8. invalid-keyword -- Unknown top-level or job-level keyword

Security (6 rules)

  1. hardcoded-secret -- Passwords, tokens, keys in plain text
  2. unprotected-variable -- Sensitive-looking variable not using $CI_* references
  3. allow-failure-security -- Security-related job with allow_failure: true
  4. privileged-runner -- tags: requesting privileged runners
  5. unmasked-variable -- Variable looks sensitive but not described as masked
  6. insecure-image -- Using :latest tag for Docker images
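
What an insecure-image style check has to decide, as an added example that is not the bundled script's code. It goes beyond the :latest case listed above by also flagging untagged images (which resolve to latest) and treating digest-pinned images as fixed. The function names and the sample pipeline are assumptions, and the pipeline is taken as already parsed into a mapping.

```python
# Added illustration; not the bundled scripts/gitlab_ci_linter.py.
# Top-level keywords of .gitlab-ci.yml that are not jobs.
NON_JOB_KEYS = {"stages", "variables", "default", "include", "workflow",
                "image", "services", "cache", "before_script", "after_script"}

def image_ref(value):
    """image: is either a string or a mapping with a name: key."""
    if isinstance(value, dict):
        value = value.get("name")
    return value if isinstance(value, str) else None

def classify_image(ref):
    """Return 'digest', 'tag', 'latest', 'untagged' or 'variable'."""
    if "@sha256:" in ref:
        return "digest"                  # immutable reference
    last = ref.rsplit("/", 1)[-1]        # drop registry host[:port] and namespace
    _, sep, tag = last.partition(":")
    if not sep:                          # no tag: Docker pulls :latest
        return "variable" if "$" in last else "untagged"
    if "$" in tag:
        return "variable"                # tag set by a CI variable at runtime
    return "latest" if tag == "latest" else "tag"

def find_floating_images(pipeline):
    """Return (location, image, kind) for images that resolve to latest."""
    candidates = [("<global>", pipeline.get("image")),
                  ("default", (pipeline.get("default") or {}).get("image"))]
    candidates += [(name, job.get("image")) for name, job in pipeline.items()
                   if name not in NON_JOB_KEYS and isinstance(job, dict)]
    findings = []
    for location, value in candidates:
        ref = image_ref(value)
        kind = classify_image(ref) if ref else None
        if kind in ("latest", "untagged"):
            findings.append((location, ref, kind))
    return findings

# Constructed sample: the mapping a YAML parser would return for a small pipeline.
SAMPLE = {
    "stages": ["build", "test"],
    "default": {"image": "python:latest"},
    "build": {"image": "registry.example.com:5000/ci/builder", "script": ["make"]},
    "test": {"image": {"name": "python:3.12-slim"}, "script": ["pytest"]},
    "scan": {"image": "alpine@sha256:" + "0" * 64, "script": ["true"]},
}

if __name__ == "__main__":
    for finding in find_floating_images(SAMPLE):
        print(finding)
```

The registry port in the build image is why the tag is read from the last path component only; splitting the whole reference on ":" would mistake 5000/ci/builder for a tag.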

Best Practices (10 rules)

  1. missing-retry -- No retry: on deploy/test jobs
  2. missing-timeout -- No timeout: specified
  3. no-cache-key -- cache: without explicit key:
  4. broad-artifacts -- Overly broad artifacts: paths: patterns
  5. missing-rules -- Job without rules: or only:/except:
  6. deprecated-only-except -- Using only:/except: instead of rules:
  7. long-script -- script: block exceeds 30 lines
  8. missing-interruptible -- Long-running job without interruptible:
  9. no-coverage-regex -- Test job without coverage: regex
  10. missing-when -- No when: in rules: entries

Output Formats

Text (default)

.gitlab-ci.yml:12 error [missing-script] Job 'deploy' has no script:, before_script:, or trigger:
.gitlab-ci.yml:25 warning [missing-timeout] Job 'test' has no timeout: specified
.gitlab-ci.yml:31 info [deprecated-only-except] Job 'build' uses only:/except: instead of rules:

3 issues (1 error, 2 warnings)

JSON

{
  "file": ".gitlab-ci.yml",
  "issues": [...],
  "summary": {"errors": 1, "warnings": 2, "info": 0}
}

Markdown

Summary table with severity, rule, location, and message.

CI Integration

# .gitlab-ci.yml
lint-pipeline:
  stage: test
  script:
    - python3 scripts/gitlab_ci_linter.py lint .gitlab-ci.yml --strict

Exit codes: 0 = clean, 1 = errors found (or warnings in --strict mode).

Security usage advice
This bundle appears coherent: it ships a local Python linter and the SKILL.md only instructs running that script on local .gitlab-ci.yml files. Before running it on sensitive repositories, review the bundled script for any network calls or unexpected os.*/subprocess usage (the provided portion uses only stdlib parsing). Run it first in a sandbox or on a non-production copy of your repo. Note the package owner is unknown and STATUS.md lists a price—if you plan to pay or publish this, confirm the provenance. If you want higher assurance, open the entire scripts/gitlab_ci_linter.py file and grep for requests, urllib, socket, subprocess, os.environ access, or writing outside the working directory; any of those would warrant closer review.
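
The review suggested above can be done on the syntax tree instead of with grep, so that comments and string literals do not produce hits. This is an added example, not part of the bundle; audit_source, the watched-name sets and the sample source are assumptions, and the sample is constructed, not taken from scripts/gitlab_ci_linter.py.

```python
import ast

# Names the advice above says to search for; the os attributes are an
# assumed starting set and can be extended.
WATCHED_MODULES = {"requests", "urllib", "socket", "subprocess"}
WATCHED_OS_ATTRS = {"environ", "system"}

def audit_source(source, filename="<script>"):
    """Return sorted (line, kind, detail) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [f"{node.module or ''}.{alias.name}" for alias in node.names]
        for name in names:
            root, _, rest = name.partition(".")
            if root in WATCHED_MODULES or (root == "os" and rest in WATCHED_OS_ATTRS):
                findings.add((node.lineno, "import", name))
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                and node.value.id == "os" and node.attr in WATCHED_OS_ATTRS):
            findings.add((node.lineno, "attribute", f"os.{node.attr}"))
        # open() with a positional mode that can create or modify a file
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "open" and len(node.args) > 1
                and isinstance(node.args[1], ast.Constant)
                and isinstance(node.args[1].value, str)
                and set(node.args[1].value) & set("wax+")):
            findings.add((node.lineno, "write", ast.unparse(node.args[0])))
    return sorted(findings)

# Constructed sample source, used only to exercise the checks.
SAMPLE = '''\
import re, sys
import urllib.request
from os import environ
import os

def lint(path):
    token = os.environ.get("CI_JOB_TOKEN")
    with open(path) as fh:
        text = fh.read()
    with open("/tmp/report.txt", "w") as out:
        out.write(text)
'''

if __name__ == "__main__":
    for line, kind, detail in audit_source(SAMPLE):
        print(f"{line}: {kind} {detail}")
```

Aliased imports, getattr() lookups and __import__() calls are not resolved here, so a clean result narrows the manual read of the file and does not replace it.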
Functional analysis
Type: OpenClaw Skill
Name: gitlab-ci-linter
Version: 1.0.0
The gitlab-ci-linter bundle is a legitimate static analysis tool for validating GitLab CI/CD YAML configurations. The core logic in scripts/gitlab_ci_linter.py is implemented using only the Python standard library and performs pattern matching (regex) to identify security risks like hardcoded secrets or insecure image tags. There is no evidence of data exfiltration, unauthorized network activity, or malicious execution; the tool operates strictly on the files provided by the user and outputs findings to the console.
Capability assessment
Purpose & Capability
Name and description match the included tooling: a Python script that parses and lints .gitlab-ci.yml files. No unrelated environment variables, binaries, or cloud credentials are requested.
Instruction Scope
SKILL.md restricts runtime behavior to invoking the bundled script on local files or directories and selecting output formats. It does not instruct reading unrelated system paths, exfiltrating data, or contacting external endpoints.
Install Mechanism
No install spec is provided (instruction-only skill) and the linter is bundled as a pure-Python script using the standard library. No downloads, package installs, or archive extraction are declared.
Credentials
The skill declares no required environment variables, credentials, or config paths. The linter inspects YAML files for patterns like 'hardcoded-secret' but does not require or request secret values to operate.
Persistence & Privilege
Skill is not always-enabled, does not request persistent or elevated agent privileges, and does not declare any behavior that modifies other skills or system configuration.
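How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gitlab-ci-linter
  3. Once installation completes, call the Skill by name or trigger it with /gitlab-ci-linter
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release
Metadata
Slug: gitlab-ci-linter
Version: 1.0.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is Gitlab Ci Linter?

Lint and validate GitLab CI/CD pipeline YAML files (.gitlab-ci.yml) for syntax errors, security issues, deprecated patterns, and best practices. Use when ask... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 78 total downloads to date.

How do I install Gitlab Ci Linter?

Run the command "/install gitlab-ci-linter" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Gitlab Ci Linter free?

Yes. Gitlab Ci Linter is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Gitlab Ci Linter support?

Gitlab Ci Linter is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Gitlab Ci Linter?

It is developed and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.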
