Autonomously diagnose and fix failing Rails CI tests and lint errors using tiered AI models, escalating if needed, and notifying humans without merging.
Security Analysis
High confidence: The skill's requests and runtime instructions are consistent with its stated purpose (automatically diagnosing and fixing Rails CI failures). It does not ask for unrelated credentials or install mysterious software, but it will need repository access and the ability to run and commit code, so you should limit token scope and review pushes.
Name/description (Rails CI fixer) align with the instructions: the SKILL.md uses the gh CLI to pull GitHub Actions logs, runs local test/lint commands (rspec, rubocop), edits test/app code, verifies locally, and commits/pushes fixes. The required tools mentioned (gh, bundle/rspec, rubocop) are reasonable and expected for this purpose.
The instructions legitimately direct the agent to read CI logs, run specs, modify application/tests, run rubocop, commit, and push — all within the repo. One vague area: "spawn a debug sub-agent" and the escalation loop give the agent discretionary power to insert debug statements and modify files; the SKILL.md tells the agent to remove debug statements before pushing, but the behavior is broad and relies on agent judgment, so the user should confirm approval/limits on what the agent may change and where it pushes.
This is instruction-only and has no install spec; nothing will be downloaded or installed by the skill itself during install time. Runtime requires existing CLIs on the host (gh, Ruby tooling), which is appropriate.
The skill declares no required env vars but the SKILL.md expects the gh CLI to be authenticated and for the agent to have git push ability. That implies access to GitHub credentials (gh auth, GH_TOKEN, or SSH keys) and write permissions to the repository/branch. This is proportionate to the task, but you should ensure any credentials granted are scoped minimally (repo:status/read/write only for branches/PRs as needed), and avoid giving main/organization-wide admin rights.
always:false (normal). The skill runs autonomously by default (disable-model-invocation:false), which is platform standard. Because the skill can modify, commit, and push code, autonomous invocation increases blast radius if misused — consider requiring human-in-the-loop approvals or restricting the agent to work on forks/feature branches rather than protected branches.
Guidance
This skill appears to do what it claims: read CI logs, run tests/lint, modify code, and push fixes. Before installing or enabling it for autonomous runs: (1) ensure the GitHub credentials the agent will use are present and scoped as narrowly as possible (limit repo write access, avoid granting org-wide admin); (2) require the agent to push only to a fork or feature branch (not main/protected branches) or require human approval before pushing/merging; (3) confirm logging/telemetry policies so sensitive data in CI logs (secrets accidentally printed) isn't exfiltrated; (4) ask the skill author to clarify the "debug sub-agent" behavior and to explicitly document where commits are pushed (branch naming/PR vs direct push). If you cannot enforce those constraints, prefer manual usage or require human review before any push.
Latest Release
v1.0.0
Initial release — tiered CI fix loop for Rails projects with RSpec, RuboCop, build/env failure detection, and model-agnostic escalation strategy
Published by @djc00p on ClawHub