CI Whisperer
Result: Pass. Audited by ClawScan on May 1, 2026.
Overview
CI Whisperer is a coherent GitHub Actions troubleshooting skill, but it uses your authenticated GitHub CLI and has an opt-in mode that can create branches or PRs.
This looks safe for its intended CI troubleshooting purpose. Before installing, be comfortable with it using your local GitHub CLI account to read run logs. Keep CI_WHISPERER_WRITE unset unless you explicitly want it to create a fix PR, and use a trusted or isolated checkout before allowing it to run local tests.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The installer may not warn users that the skill depends on a local authenticated GitHub CLI session.
The registry metadata does not surface the GitHub CLI, GitHub authentication, or optional write-toggle setup described in the skill docs. This appears to be a setup transparency issue rather than hidden behavior.
Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Declare the GitHub CLI dependency and the optional CI_WHISPERER_WRITE toggle in the metadata if the registry supports it; users should verify which GitHub account gh is authenticated as before use.
Actions are performed with whatever repository access the local GitHub CLI account has.
The skill uses the user's authenticated GitHub CLI identity to access run metadata and logs, and possibly to create PRs in opt-in write mode.
If `gh` is not authenticated, stop and ask the user to run: `/usr/bin/gh auth login`
Use a GitHub account/token with only the access needed for the target repository, and confirm the active gh account before use.
Private build output or accidental secrets in CI logs may be processed by the agent and could be quoted if not redacted carefully.
The skill intentionally brings CI logs into the agent context. Logs can contain secrets or untrusted text, although the skill instructs redaction before quoting.
`gh run view <run-id> --repo owner/repo --log-failed` ... `the exact error excerpt (short; redact secrets)`
Prefer failed logs over full logs, review excerpts before sharing externally, and avoid using the skill on logs known to contain secrets.
If write mode is enabled, the agent may create branches, edit files, and open PRs in the target repository.
PR fix mode can mutate repository state, but the instructions require both explicit user approval and a local write-mode toggle.
If the user asks to fix it and `CI_WHISPERER_WRITE=1`: - create a branch - apply minimal changes - run local lint/tests if available - open PR
Leave CI_WHISPERER_WRITE unset unless you intend to allow PR creation, and review any diff and PR text before relying on it.
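The recommendations in the three findings above (confirm the active gh account, redact log excerpts before they enter the agent context, keep CI_WHISPERER_WRITE unset) as a small shell helper; this is an added example, not code from the CI Whisperer skill or from the ClawScan report. The redaction patterns and the sample log lines are constructed; the gh invocations used are `gh auth status`, `gh api user`, and `gh run view --log-failed` from the skill's own evidence.

```shell
#!/usr/bin/env sh
# Added example, not part of the CI Whisperer skill or the ClawScan report.

# Redact common secret shapes in CI log text read from stdin. GitHub Actions
# masks *registered* secrets as ***, but tokens that were never registered as
# secrets (or that a tool printed itself) still appear in plain text.
# The patterns below are a constructed starting set, not a complete list.
redact_ci_log() {
  sed -E \
    -e 's/gh[pousr]_[A-Za-z0-9]{20,}/[REDACTED_GH_TOKEN]/g' \
    -e 's/AKIA[0-9A-Z]{16}/[REDACTED_AWS_KEY_ID]/g' \
    -e 's/(Bearer|bearer) [A-Za-z0-9._~+-]+/\1 [REDACTED]/g' \
    -e 's/((PASSWORD|SECRET|TOKEN|API_KEY|password|secret|token|api_key)[A-Za-z_]*[=:] ?)[^[:space:]]+/\1[REDACTED]/g'
}

# Write mode is on only when the toggle is exactly 1, as the skill doc states.
write_mode_enabled() {
  [ "${CI_WHISPERER_WRITE:-}" = "1" ]
}

# Pre-flight: fail if gh is missing or unauthenticated, show which account
# the skill would act as, and warn when PR fix mode is enabled.
ci_whisperer_preflight() {
  command -v gh >/dev/null 2>&1 || { echo "gh not installed" >&2; return 1; }
  gh auth status >/dev/null 2>&1 \
    || { echo "gh not authenticated; run: gh auth login" >&2; return 1; }
  echo "gh account: $(gh api user --jq .login)"
  if write_mode_enabled; then
    echo "WARNING: CI_WHISPERER_WRITE=1, fix mode may create branches and PRs" >&2
  fi
}

# Fetch only the failed-step logs and redact them before they reach the agent.
# Usage: fetch_failed_logs_redacted <run-id> owner/repo
fetch_failed_logs_redacted() {
  gh run view "$1" --repo "$2" --log-failed | redact_ci_log
}
```

Source the file, run `ci_whisperer_preflight` once per session, and pipe any excerpt you intend to quote through `redact_ci_log`; over-redaction of a harmless `SECRETS_LOADED=true` line is the intended trade-off.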
On an untrusted repository, local test or lint scripts could run code on the user's machine.
Running project lint or test commands can execute repository code. This is purpose-aligned for validating CI fixes and is limited to opt-in PR fix mode.
run local lint/tests if available
Run PR fix mode only in trusted repositories or an isolated environment, especially before executing project test scripts.
