Remote OpenClaw Blog
How to Use OpenClaw Skills in CI/CD Pipelines
4 min read ·
OpenClaw skills are not limited to interactive terminal sessions. You can run them in CI/CD pipelines to automate code reviews, enforce coding standards, and catch issues before they reach production. This guide covers practical setups for GitHub Actions, GitLab CI, pre-commit hooks, and more.
Why Run Skills in CI/CD?
Interactive use of OpenClaw is powerful, but it depends on each developer remembering to invoke the agent. CI/CD integration makes skill-powered checks automatic. Every pull request gets reviewed by the same set of skills, every commit gets validated, and the standards encoded in your installed skills are enforced consistently.
Common use cases include:
- Automated code review that checks for patterns defined in your skills
- Style enforcement that goes beyond linting to include architectural patterns
- Security scanning driven by security-focused skills
- Documentation validation ensuring code changes include updated docs
Prerequisites
Before configuring CI/CD, make sure your project has:
- An
.openclaw/directory with your desired skills installed - An OpenClaw configuration file (
openclaw.toml) at the project root - An API key for your chosen LLM provider (stored as a CI secret)
GitHub Actions Setup
Create a workflow file that runs OpenClaw skills on every pull request:
# .github/workflows/openclaw-review.yml
name: OpenClaw Skill Review
on:
pull_request:
branches: [main]
permissions:
contents: read
pull-requests: write
jobs:
skill-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install OpenClaw
run: |
curl -fsSL https://openclaw.dev/install.sh | bash
echo "$HOME/.openclaw/bin" >> $GITHUB_PATH
- name: Run skill-based review
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
run: |
# Get the diff for this PR
git diff origin/main...HEAD > /tmp/pr-diff.txt
# Run OpenClaw with review skills
openclaw review \
--diff /tmp/pr-diff.txt \
--skills code-review,security-audit \
--output /tmp/review-results.md
- name: Post review comment
if: always()
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const body = fs.readFileSync('/tmp/review-results.md', 'utf8');
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: body
});
This workflow installs OpenClaw, runs a review using your installed skills, and posts the results as a PR comment.
Running Specific Skills
You can target specific skills for different file types:
- name: Review TypeScript files
run: |
openclaw review \
--diff /tmp/pr-diff.txt \
--skills typescript-strict,react-best-practices \
--include "**/*.ts,**/*.tsx"
- name: Review infrastructure changes
run: |
openclaw review \
--diff /tmp/pr-diff.txt \
--skills terraform-security,iac-best-practices \
--include "**/*.tf,**/Dockerfile"
GitLab CI Setup
The same approach works in GitLab CI with minor syntax changes:
# .gitlab-ci.yml
openclaw-review:
stage: review
image: ubuntu:24.04
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
variables:
ANTHROPIC_API_KEY: $ANTHROPIC_API_KEY
before_script:
- curl -fsSL https://openclaw.dev/install.sh | bash
- export PATH="$HOME/.openclaw/bin:$PATH"
script:
- git diff origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME...HEAD > /tmp/mr-diff.txt
- openclaw review
--diff /tmp/mr-diff.txt
--skills code-review,security-audit
--output /tmp/review-results.md
artifacts:
paths:
- /tmp/review-results.md
when: always
Adding Review Comments to GitLab MRs
Use the GitLab API to post review results as merge request notes:
after_script:
- |
if [ -f /tmp/review-results.md ]; then
curl --request POST \
--header "PRIVATE-TOKEN: $GITLAB_TOKEN" \
--header "Content-Type: application/json" \
--data "{\"body\": \"$(cat /tmp/review-results.md | jq -Rs .)\"}" \
"$CI_API_V4_URL/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes"
fi
Pre-Commit Hooks
For faster feedback, run lightweight skill checks as pre-commit hooks. This catches issues before code even reaches the CI pipeline.
Marketplace
Free skills and AI personas for OpenClaw — browse the marketplace.
Browse the Marketplace →Using the Pre-Commit Framework
Add OpenClaw to your .pre-commit-config.yaml:
# .pre-commit-config.yaml
repos:
- repo: local
hooks:
- id: openclaw-check
name: OpenClaw Skill Check
entry: openclaw check --skills style-enforcer --staged
language: system
types: [python, javascript, typescript]
pass_filenames: false
Install the hook:
pre-commit install
Now every commit runs the style-enforcer skill against staged files.
A Lightweight Git Hook Alternative
If you prefer not to use the pre-commit framework, create a git hook directly:
#!/bin/bash
# .git/hooks/pre-commit
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACMR)
if [ -z "$STAGED_FILES" ]; then
exit 0
fi
echo "Running OpenClaw skill check on staged files..."
openclaw check \
--skills quick-review \
--files $STAGED_FILES \
--fail-on error
EXIT_CODE=$?
if [ $EXIT_CODE -ne 0 ]; then
echo "OpenClaw skill check found issues. Fix them before committing."
exit 1
fi
Make it executable:
chmod +x .git/hooks/pre-commit
Managing API Costs in CI
Running LLM-powered checks on every commit can get expensive. Here are strategies to manage costs:
- Run on PRs only, not every push. This limits API calls to code that is ready for review.
- Use lighter models for CI. Configure a smaller, cheaper model for automated checks and save larger models for interactive use.
- Cache skill results. If the same file has not changed between runs, skip re-checking it.
- Set budget limits. Use the
--max-tokensflag to cap token usage per run.
- name: Run cost-aware review
run: |
openclaw review \
--diff /tmp/pr-diff.txt \
--skills code-review \
--model claude-3-haiku \
--max-tokens 4000
Combining Multiple Skills in a Pipeline
Create a multi-stage pipeline that runs different skills at different stages:
# .github/workflows/openclaw-full-pipeline.yml
name: OpenClaw Full Pipeline
on:
pull_request:
branches: [main]
jobs:
quick-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Fast style check
run: openclaw check --skills style-enforcer --staged
security-review:
runs-on: ubuntu-latest
needs: quick-check
steps:
- uses: actions/checkout@v4
- name: Security skill scan
run: openclaw review --skills security-audit,dependency-check --diff /tmp/pr-diff.txt
architecture-review:
runs-on: ubuntu-latest
needs: quick-check
steps:
- uses: actions/checkout@v4
- name: Architecture check
run: openclaw review --skills architecture-patterns --diff /tmp/pr-diff.txt
Summary
Running OpenClaw skills in CI/CD pipelines turns your team's coding standards into automated checks. Start with a simple PR review workflow, then expand to pre-commit hooks and multi-stage pipelines as your confidence grows. Browse the skills directory to find review and security skills ready for CI integration.
Browse the Skills Directory
Find the right skill for your workflow. The OpenClaw Bazaar skills directory has over 2,300 community-rated skills — searchable, sortable, and free to install.
Built a Skill? List It on the Bazaar
If you have built a skill that others would find useful, publish it on the Bazaar. Reach thousands of developers and get feedback from the community.