← 返回 Skills 市场
Doctorbot Ci Validator
作者
bamontejano
· GitHub ↗
· v0.1.0
794
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-doctorbot-ci-validator
功能描述
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
安全使用建议
Do not install or run this skill as-is. The SKILL.md expects local Python scripts (scripts/validate_keep.py and scripts/validate_yaml.py) but the published package contains no code or install spec; it's therefore incomplete and ambiguous. Before proceeding, ask the publisher or maintainer for: (1) the actual code or a proper install spec that fetches it, (2) an explicit list of required binaries and Python packages, and (3) a README or source tarball you can inspect. If you must test it, fetch the GitHub homepage referenced in the skill, inspect the repository contents and scripts for network calls or credential use, and run any unknown scripts in an isolated sandbox/container with no access to secrets or production repositories.
功能分析
Type: OpenClaw Skill
Name: skill-doctorbot-ci-validator
Version: 0.1.0
The provided `_meta.json` and `SKILL.md` files describe a skill for validating CI/CD workflow files. The `SKILL.md` outlines the skill's purpose, features, and usage, which involves executing local Python scripts (`scripts/validate_keep.py`, `scripts/validate_yaml.py`) with user-provided file paths. There is no evidence of prompt injection attempts against the agent, direct malicious commands, data exfiltration, or other harmful behaviors within the analyzed content. The instructions are straightforward and align with the stated, legitimate purpose of CI/CD validation. The actual Python scripts are not provided, so their content cannot be analyzed for vulnerabilities or malicious code, but the instructions themselves are benign.
能力评估
Purpose & Capability
The skill claims to perform offline CI workflow validation (Keep, GitHub Actions, GitLab), and the instructions reference concrete Python scripts (scripts/validate_keep.py, scripts/validate_yaml.py). However, the published package contains no code files and no install specification to provide those scripts. That makes the declared capability unattainable from this bundle and therefore incoherent.
Instruction Scope
Runtime instructions tell the agent to run python3 scripts against repository files and directories. Reading repo workflow files is consistent with a validator, but because the scripts aren't included, the instructions effectively instruct the agent to run arbitrary code that isn't present. The instructions do not request network exfiltration or unrelated system access, but they assume the presence of local scripts and Python that are not declared.
Install Mechanism
There is no install specification in the bundle even though SKILL.md documents an installation command (openclaw install doctorbot-ci-validator) and describes Python scripts. Without an install spec or bundled code, it's unclear how the referenced scripts would be provided. Lack of an install mechanism is lower direct risk but increases ambiguity about where executable code would come from.
Credentials
The skill declares no required binaries or environment variables, yet the instructions explicitly call python3 and expect to run validation scripts (which likely need libraries such as PyYAML or custom dependencies). This mismatch—no declared runtime requirements while requiring Python execution—is disproportionate and unexplained.
Persistence & Privilege
The skill does not request elevated persistence: always is false, and there are no required config paths or credentials. disable-model-invocation is false (normal). There is no evidence the skill tries to modify other skills or request system-wide configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-doctorbot-ci-validator - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-doctorbot-ci-validator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
- Initial release of doctorbot-ci-validator.
- Provides offline, deterministic validation for CI/CD workflow files (GitHub Actions, GitLab CI, Keep, and more).
- Supports both full-featured workflow logic validation and fast YAML syntax checks.
- No environment dependencies—no live databases or networks required.
- Includes command-line scripts for file and directory validation.
- Suitable for pre-commit hooks, CI/CD pipelines, and agent-based code generation.
元数据
常见问题
Doctorbot Ci Validator 是什么?
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 794 次。
如何安装 Doctorbot Ci Validator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-doctorbot-ci-validator」即可一键安装,无需额外配置。
Doctorbot Ci Validator 是免费的吗?
是的,Doctorbot Ci Validator 完全免费(开源免费),可自由下载、安装和使用。
Doctorbot Ci Validator 支持哪些平台?
Doctorbot Ci Validator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Doctorbot Ci Validator?
由 bamontejano(@bamontejano)开发并维护,当前版本 v0.1.0。
推荐 Skills