suhteevah

pipelinelint

Author: suhteevah · GitHub ↗ · v1.0.0 · MIT-0
darwin, linux, win32 ✓ Security check passed
Total downloads: 81
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install pipelinelint
Description
CI/CD pipeline anti-pattern analyzer -- detects hardcoded secrets, missing cache configs, skipped tests, unsafe deployments, no approval gates, and environme...
Security usage recommendations
This skill appears to do what it claims: local regex-based scans and optional git-hook integration. Before installing, review and accept that: (1) installing lefthook via Homebrew is required to enable repo hooks; (2) running the hooks installer will create or append a lefthook.yml in your repository and register pre-commit/pre-push hooks that run the scanner on commits/pushes (this changes repo config and can add scan latency); (3) the license check reads a license key from the PIPELINELINT_LICENSE_KEY env var or ~/.openclaw/openclaw.json — ensure you are comfortable storing your key there. If you do not want repo hooks, you can use the one-shot scan commands instead. As always, review the included shell scripts (analyzer.sh, dispatcher.sh, patterns.sh, license.sh) yourself before enabling hooks to confirm they match your security policies.
Functional analysis
Type: OpenClaw Skill
Name: pipelinelint
Version: 1.0.0
PipelineLint is a legitimate CI/CD pipeline analyzer designed to detect security anti-patterns and configuration issues locally. The skill uses regex-based scanning (analyzer.sh, patterns.sh) and provides a tiered licensing system validated offline via JWT (license.sh). It includes standard developer features like git hook integration via lefthook and multi-format reporting (text, JSON, HTML). No evidence of data exfiltration, malicious execution, or unauthorized network activity was found; the code logic is entirely consistent with its stated purpose.
Capability tags
requires-oauth-token
Capability assessment
Purpose & Capability
Name/description (CI/CD anti-pattern analyzer) matches the code and metadata. Required binaries (git, bash) and the primary credential (PIPELINELINT_LICENSE_KEY) are appropriate for a local scanner that integrates with git and supports licensed tiers. The brew install of lefthook is coherent with the advertised git-hook integration.
Instruction Scope
Runtime instructions and scripts focus on local file discovery, regex pattern matching, scoring, and report generation. The SKILL.md and lefthook config instruct installing pre-commit and pre-push hooks that source the skill's scripts from a skill directory (defaults to $HOME/.openclaw/skills/pipelinelint). This is expected behaviour for a hooks-integrated linter, but note that installing hooks modifies repository configuration and will run scans on commits/pushes.
Install Mechanism
Install spec uses a Homebrew formula (lefthook) — a standard package manager + known tool — and included scripts are plain shell files bundled with the skill. No downloads from untrusted URLs or archives are present in the provided manifest.
Credentials
Only the license key (PIPELINELINT_LICENSE_KEY) is declared as required. The license module also optionally reads ~/.openclaw/openclaw.json to find a stored key (a reasonable convenience). The scripts do not request unrelated secrets or multiple external credentials.
Persistence & Privilege
always:false and user-invocable:true — no forced global presence. The skill can install lefthook repo hooks and will write/append lefthook.yml in a repository, which is appropriate for a git-hook linter but is a persistent change to a repo until removed. The skill does not modify other skills or system-wide agent settings.
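How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install pipelinelint
  3. Once installation completes, call the Skill by name or trigger it with /pipelinelint
  4. Provide the required input according to the Skill's parameter description to get structured output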
Version history
v1.0.0
Initial release of PipelineLint: CI/CD pipeline anti-pattern analyzer.
- Detects 90 CI/CD pipeline anti-patterns across 6 categories: secrets, caching, testing, dependencies, deployment safety, and environment configuration.
- Tiered feature access: Free (30 patterns: SE, CF), Pro (60 patterns), Team/Enterprise (90 patterns).
- Provides detailed grading, per-finding remediation, and plaintext/JSON/HTML reporting.
- 100% local analysis—no telemetry or network calls; offline license validation.
- Integrates with git hooks (via lefthook) for automated pre-commit checks.
Metadata
Slug pipelinelint
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
FAQ

What is pipelinelint?

CI/CD pipeline anti-pattern analyzer -- detects hardcoded secrets, missing cache configs, skipped tests, unsafe deployments, no approval gates, and environme... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 81 total downloads so far.

How do I install pipelinelint?

Run the command "/install pipelinelint" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is pipelinelint free?

Yes, pipelinelint is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does pipelinelint support?

pipelinelint runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux, win32).

Who developed pipelinelint?

Developed and maintained by suhteevah (@suhteevah); the current version is v1.0.0.
