pskoett/skill-tester-ci
skills/skill-tester-ci/SKILL.md
Validates all CI skills in this repo. Checks Agent Skills spec compliance, gh-aw workflow compilation, permission correctness, and structural conventions. Use when CI skills have been added or modified and you want to verify they compile and conform before committing.
$ install --global
skillsauthnpx skillsauth add pskoett/pskoett-ai-skills skill-tester-ciInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 10:44 AM6.3s1 file scanned
SKILL.md
- name:
- skill-tester-ci
- description:
- Validates all CI skills in this repo. Checks Agent Skills spec compliance, gh-aw workflow compilation, permission correctness, and structural conventions. Use when CI skills have been added or modified and you want to verify they compile and conform before committing.
Skill Tester CI
Validates all CI skills (*-ci) in this repo. Runs spec validation, compiles gh-aw workflows, and checks CI-specific conventions.
When to Use
- After adding or modifying a CI skill
- After upgrading
gh-awto a new version (API changes may break workflows) - Before committing CI skill changes
- Before submitting the plugin for Anthropic review
Prerequisites
gh-awCLI installed (gh extension install github/gh-aw)python3withpyyamlinstalledquick_validate.pyavailable at.claude/skills/skill-creator/scripts/
Checks
1. Anthropic Spec Validation
Run quick_validate.py on every CI skill:
for d in skills/*-ci/; do
python3 .claude/skills/skill-creator/scripts/quick_validate.py "$d"
done
2. Workflow Example Compilation
Extract workflow blocks from each CI skill's references/workflow-example.md and compile with gh aw compile:
# Extract markdown code blocks with frontmatter
# Copy to temp .github/workflows/
# Run: gh aw compile
Pass criteria: Zero compilation errors. Warnings are reported but don't fail.
3. Permission Checks
CI workflows in strict mode must NOT use write permissions directly. Verify:
- No
issues: write(usesafe-outputs: add-commentinstead) - No
pull-requests: write(usesafe-outputs: create-pull-request-review-commentinstead) - No
contents: writeunless the workflow creates files (eval-creator create mode) - Required read permissions present for declared toolsets
4. Structural Checks
| Check | Rule | Severity |
|-------|------|----------|
| Has references/workflow-example.md | Required for all CI skills | Error |
| Workflow example has frontmatter block | At least one ```markdown block with --- | Error |
| Name matches folder | Frontmatter name == directory name | Error |
| Description mentions gh-aw | CI skills should reference gh-aw | Warning |
| Has corresponding interactive skill | foo-ci should have a foo counterpart | Warning |
5. Cross-Workflow Validation
For workflows that use call-workflow:
- Verify the target workflow exists and has
workflow_callin itson:section - Verify the target's inputs match what the caller provides
Output Format
## CI Skill Test Results
**Date:** YYYY-MM-DD
**gh-aw version:** vX.Y.Z
**Skills tested:** N
**Passed:** N
**Compile errors:** N
**Spec failures:** N
### Compilation Results
- [skill-name]: ✓ compiled (N KB) | ✗ error: [message]
### Spec Results
- [skill-name]: ✓ valid | ✗ [error]
### Permission Issues
- [skill-name]: [issue]
Running
Invoke manually:
/skill-tester-ci
Or run the script directly:
bash skills/skill-tester-ci/scripts/run-tests.sh
What This Skill Does NOT Do
- Does not test interactive skills (use
skill-testerfor those) - Does not execute workflows against real repos — only compiles them
- Does not modify skills — reports findings only
- Does not test workflow runtime behavior — compilation validates structure and permissions only
Related Skills
pskoett/self-healing
tools
VerifiedTrustedCommunity
Active runtime recovery for coding agents: when something breaks mid-task, diagnose the root cause, write a fix, VERIFY by re-running the broken thing, then file a `HEAL-` entry to `.learnings/HEALS.md` with proof. Use whenever a command, test, build, or lint fails or exits non-zero; on missing tooling, dependency/lockfile mismatch, wrong runtime version, venv or permission errors, port conflicts, dirty git state, or a missing `.env`; when the agent needs a helper or one-off script that doesn't exist yet; when an external API, tool, or MCP errors or rate-limits; or when a test flakes. Search `HEALS.md` by `Pattern-Key` first — most heals are recurrences, so increment `Recurrence-Count` instead of duplicating. Verify is mandatory: mark `pending-verify` honestly if sandboxed, `abandoned` if the fix can't be made to work. Pairs with `self-improvement` (which promotes recurring heals to durable memory) but owns the verify-before-persist discipline self-improvement doesn't.
199SKILL.mdUpdated Jun 2, 2026
pskoett/control-session-orchestrator
development
VerifiedTrustedCommunity
Control-plane workflow for coordinating multi-agent, multi-session project work from a single Codex, GitHub Copilot, or agent-app control session. Use this skill whenever the user asks to orchestrate agents, create or steer worker sessions, run a workflow-like effort, fan out audits/research/migrations, coordinate parallel implementation streams, monitor other project sessions, or compare this control-session pattern to Claude Code dynamic workflows. This skill is especially relevant when the current session can spawn persistent project sessions and those sessions can spawn their own subagents, creating a two-level orchestration hierarchy.
199SKILL.mdUpdated Jun 2, 2026
pskoett/self-healing
tools
VerifiedTrustedCommunity
Active runtime recovery for coding agents: when something breaks mid-task, diagnose the root cause, write a fix, VERIFY by re-running the broken thing, then file a `HEAL-` entry to `.learnings/HEALS.md` with proof. Use whenever a command, test, build, or lint fails or exits non-zero; on missing tooling, dependency/lockfile mismatch, wrong runtime version, venv or permission errors, port conflicts, dirty git state, or a missing `.env`; when the agent needs a helper or one-off script that doesn't exist yet; when an external API, tool, or MCP errors or rate-limits; or when a test flakes. Search `HEALS.md` by `Pattern-Key` first — most heals are recurrences, so increment `Recurrence-Count` instead of duplicating. Verify is mandatory: mark `pending-verify` honestly if sandboxed, `abandoned` if the fix can't be made to work. Pairs with `self-improvement` (which promotes recurring heals to durable memory) but owns the verify-before-persist discipline self-improvement doesn't.
199SKILL.mdUpdated Jun 2, 2026
pskoett/control-session-orchestrator
development
VerifiedTrustedCommunity
Control-plane workflow for coordinating multi-agent, multi-session project work from a single Codex, GitHub Copilot, or agent-app control session. Use this skill whenever the user asks to orchestrate agents, create or steer worker sessions, run a workflow-like effort, fan out audits/research/migrations, coordinate parallel implementation streams, monitor other project sessions, or compare this control-session pattern to Claude Code dynamic workflows. This skill is especially relevant when the current session can spawn persistent project sessions and those sessions can spawn their own subagents, creating a two-level orchestration hierarchy.
199SKILL.mdUpdated Jun 2, 2026