Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ci Failure Fixer
v1.0.0Monitor GitHub Actions CI pipelines for failures and automatically fix common issues. Use when asked to watch CI, fix build failures, monitor GitHub Actions,...
⭐ 0· 70·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to detect and automatically fix GitHub Actions failures and to push fixes. The packaged script (scripts/check-ci-failures.sh) only discovers failed runs and reports them; there is no implementation of automated modification/commit logic in the repository. SKILL.md and references/fix-patterns.md describe running npm/eslint/playwright and committing changes — which would require local repo clones, git access, node tooling, and push permissions — but these required capabilities are not declared in the skill metadata (no required binaries, no required env, no credential declared). This is an incoherence: either the skill will only report failures (safe-ish) or the agent is expected to execute potentially destructive repo-modifying commands (high privilege) — the package doesn't make which of these will actually happen explicit.
Instruction Scope
Instructions direct the agent to read logs (gh run view), match against error patterns, and 'auto-fix if safe' by running commands like npm install, eslint --fix, or updating snapshots and pushing commits. They also recommend running as a cron job and rely on environment variables (GITHUB_OWNER, CI_REPOS, CI_STATE_FILE) that are not enumerated in the skill's declared requirements. The phrasing gives broad discretion to the agent ('auto-fix if safe' and 'TRY fix, push if confident'), which is open-ended and could lead to unintended code changes or excessive repo access unless human approval and strict safeguards are enforced.
Install Mechanism
No install spec — instruction-only plus a small script — so nothing is downloaded or installed by the skill itself. This minimizes supply-chain/install risk. However, runtime relies on external tooling (gh, python3, git, npm/node, eslint, playwright) that are not managed by an installer here.
Credentials
Metadata declares no required environment variables or primary credential, but SKILL.md and the script require gh CLI authentication and optional env vars (GITHUB_OWNER, CI_REPOS, CI_STATE_FILE). More importantly, auto-fix behaviors described would require push/write permissions to repositories (a GitHub token or gh-authenticated user with repo write access). These sensitive permissions are not listed or scoped, and auto-discovery of 'all repos' risks operating across many repositories the account can access. The skill also writes a state file under $HOME (~/.openclaw/workspace/memory/ci-check-state.json) without declaring that file access in metadata.
Persistence & Privilege
always:false (good). The skill is allowed to be invoked autonomously (platform default), which combined with the instructions to auto-fix and push code increases blast radius. The script writes a state file into the user's home workspace, and the skill is intended to run on a cron schedule. Those are moderate privileges for this purpose but are not excessive by themselves — the real risk is autonomous code changes/pushes described elsewhere in the instructions.
What to consider before installing
This skill is ambiguous: the script only discovers and reports failed CI runs, but the prose and reference file instruct the agent to run commands that modify repositories and push commits (npm install, eslint --fix, update snapshots, git commit/push). Before installing or enabling this skill, consider the following:
- Assume the agent will need a GitHub-authenticated 'gh' session with write access to repos to perform the described auto-fixes. If you enable it, restrict the token/account to only the specific repos it should touch (use a PAT scoped to specific repositories rather than a broad user token).
- Limit CI_REPOS to a small test repository or mirror first; do not rely on auto-discovery of 'all repos' while testing.
- Require a human-in-the-loop: prefer dry-run or require explicit confirmation before any commit/push. The skill's language gives broad discretion to 'auto-fix if safe' which can lead to unintended code changes.
- Review references/fix-patterns.md and the exact commands the agent would run; test them locally on a clone to see their effects.
- If you want only monitoring (no auto-fix), use the script as-is but disable or remove any automation steps that perform git commit/push or modify source files.
Because of the undeclared credential needs, auto-push capability, and open-ended instructions, treat this skill as suspicious until you can enforce tight scoping and human approval policies.Like a lobster shell, security has layers — review code before you run it.
latestvk972vjrv62dh5tdaz0wpe954sh83g7zr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.