ci-cd-reviewer_skill

This skill reviews CI/CD pipelines for structure, security, and optimization, helping you improve workflows across GitHub Actions, GitLab CI, and Jenkins.
  • TypeScript

1

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill physics91/claude-vibe --skill ci-cd-reviewer

  • SKILL.md8.4 KB

Overview

This skill reviews CI/CD pipelines to surface structure, security, caching, and deployment issues. It targets common pipeline files (GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure) and provides prioritized recommendations. The goal is concrete, actionable fixes to speed builds, reduce risk, and improve deployment safety. It excludes deep Kubernetes or Terraform reviews which are handled by dedicated skills.

How this skill works

The reviewer scans repository pipeline definitions and detects platform, triggers, jobs, and environments. It applies rules for structure (parallelization, job dependencies), security (secrets, permissions, pinned actions), caching (dependency and Docker layer caches), and deployment patterns (staging, rollbacks, verifications). Results are returned as a short report with severity levels and recommended fixes.

When to use it

  • You want a fast audit of GitHub Actions, GitLab CI, or Jenkins pipelines
  • Optimizing build time and caching across CI jobs
  • Validating secrets handling, permissions, and third-party action pinning
  • Checking deployment safety: staging, rollbacks, and health checks
  • Before merging heavy pipeline changes or onboarding CI for a repo

Best practices

  • Parallelize independent jobs and use needs to express dependencies
  • Explicitly set permissions and avoid plaintext secrets; prefer OIDC where possible
  • Pin third-party actions to commit SHAs or immutable tags
  • Add dependency caching (lockfile hashes) and Docker layer cache
  • Use separate staging environment and manual approvals for production
  • Include post-deploy verification and rollback steps in deployment jobs

Example use cases

  • Audit a repo with .github/workflows/*.yml to identify sequential jobs and missing caches
  • Review a GitLab CI file for reusable templates, caching, and artifact retention
  • Detect unpinned third-party actions and missing permissions that expose secrets
  • Recommend a canary or blue-green promotion flow with verification and rollback
  • Suggest converting duplicated steps into composite actions or shared templates

FAQ

It detects .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile, azure-pipelines.yml, and .circleci/config.yml.

Does it modify pipeline files automatically?

No. It produces a prioritized report with concrete suggestions; changes should be applied and tested by maintainers.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational