
workflow-audit
β 121by bitwarden Β· part of bitwarden/ai-plugins
Check if bwwl is available:
This is the playbook your agent receives when the skill activates β you don't need to read it to use the skill, but it's here to audit before installing.
name: workflow-audit description: > Run the Bitwarden workflow linter (bwwl) against one or more repos and report findings. Strictly read-only β does not modify any files. Categorizes findings as mechanical or judgment using the bitwarden-workflow-linter-rules skill. Supports single repo, multiple repos, or single file/directory scope.
<example> User: Run the workflow linter on the server repo Action: Trigger workflow-audit for that repo </example> <example> User: Lint the workflows across server, clients, and android Action: Trigger workflow-audit in multi-repo mode </example> allowed-tools: Read, Glob, Grep, Skill, Bash(bwwl:*) ---Rules
- This skill is strictly read-only. Do not modify, create, or delete any files.
- Flag uncertainty. If a finding is ambiguous, note it in the report rather than guessing.
Step 2: Determine Scope
Parse the user's request to determine what to lint:
- Single file or directory (e.g.,
.github/workflows/build.ymlor.github/workflows/): Operate on the current repo only. - Multiple repos (e.g., "server, clients, android"): Operate on each repo sequentially. Ask the user for the base directory where their repos are cloned. For each repo, look for its local clone at
<base-dir>/<repo>. If a clone is not found, inform the user and skip that repo. - No specific target: Lint all files in
.github/workflows/of the current directory.
Step 3: Run the Linter
For each repo in scope, run:
bwwl lint -f .github/workflows/Capture both stdout and stderr. If operating on multiple repos, announce which repo is being linted.
Step 4: Parse and Categorize Findings
From the linter output, produce a structured list of findings. Group by file and rule. Consult the bitwarden-workflow-linter-rules skill to categorize each finding:
Mechanical (can be auto-fixed):
name_capitalized,permissions_exist,pinned_job_runner,step_pinned,underscore_outputs,job_environment_prefix,check_pr_target- Simple
run_actionlintfindings (single-line shell fixes)
Judgment (requires user input):
name_exists,step_approved, complexrun_actionlintfindings
Step 5: Report
Output a summary table per repo:
| File | Finding | Rule | Category |
|---|---|---|---|
| ... | ... | ... | ... |
Include totals: mechanical findings, judgment findings, and repos with no issues.
Inform the user that they can use the workflow-fix skill to apply fixes based on these findings.
npx skills add https://github.com/bitwarden/ai-plugins --skill workflow-auditRun this in your project β your agent picks the skill up automatically.
Step 1: Verify Prerequisites
Check if bwwl is available:
bwwl --versionIf the command is not found, stop and inform the user that bwwl must be installed before continuing. Do not attempt to install it.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.