ticket-pipeline

Automates ticket workflows with a per-ticket pipeline, integrating CI, PR processes, and Slack notifications for seamless project management.

Install this skill

or

17/100

Security score

The ticket-pipeline skill was audited on Mar 8, 2026 and we found 19 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 132

Webhook reference - potential data exfiltration

SourceSKILL.md

132	This is the primary trigger surface for CLI automation, Slack bots, and webhook handlers.

medium line 214

Webhook reference - potential data exfiltration

SourceSKILL.md

214	\| Slack bot \| Webhook handler constructs the `claude -p` call and spawns it as a subprocess \|

medium line 215

Webhook reference - potential data exfiltration

SourceSKILL.md

215	\| Webhook \| HTTP handler receives ticket ID, sets env vars, invokes `claude -p` \|

medium line 167

Access to hidden dotfiles in home directory

SourceSKILL.md

167	(`~/.claude/pipelines/ledger.json`) and state file (`~/.claude/pipelines/{ticket_id}/state.yaml`).

medium line 171

Access to hidden dotfiles in home directory

SourceSKILL.md

171	- Linear: `LINEAR_API_KEY` (or the credential set in `~/.claude/claude_desktop_config.json`)

medium line 177

Access to hidden dotfiles in home directory

SourceSKILL.md

177	Checkpoints are written to `~/.claude/pipelines/{ticket_id}/state.yaml` after every phase

medium line 294

Access to hidden dotfiles in home directory

SourceSKILL.md

294	1. Check `~/.claude/tcb/{ticket_id}/bundle.json`

medium line 376

Access to hidden dotfiles in home directory

SourceSKILL.md

376	Cross-repo detection heuristic: Implementation touches files in repos not matching the ticket's labeled repo (from `~/.claude/epic-team/repo_manifest.yaml`).

medium line 392

Access to hidden dotfiles in home directory

SourceSKILL.md

392	2. Read result from `~/.claude/skill-results/{context_id}/hostile-reviewer.json`

medium line 410

Access to hidden dotfiles in home directory

SourceSKILL.md

410	3. Read result from `~/.claude/skill-results/{context_id}/mergeability-gate.json`

medium line 476

Access to hidden dotfiles in home directory

SourceSKILL.md

476	Gate result log: appended to `~/.claude/skill-results/{context_id}/cdqa-gate-log.json`

medium line 568

Access to hidden dotfiles in home directory

SourceSKILL.md

568	Requires: `~/.claude/epic-team/repo_manifest.yaml` (OMN-2519)

low line 604

Access to hidden dotfiles in home directory

SourceSKILL.md

604	Read the ModelSkillResult from ~/.claude/skill-results/{context_id}/decompose-epic.json

medium line 611

Access to hidden dotfiles in home directory

SourceSKILL.md

611	Pipeline state is stored at `~/.claude/pipelines/{ticket_id}/state.yaml` as the primary state machine. Linear ticket gets a compact summary mirror (run_id, current phase, blocked reason, artifacts).

medium line 615

Access to hidden dotfiles in home directory

SourceSKILL.md

615	Prevents duplicate pipeline runs. Stored at `~/.claude/pipelines/ledger.json`:

low line 622

Access to hidden dotfiles in home directory

SourceSKILL.md

622	"log": "~/.claude/pipeline-logs/OMN-2356.log"

low line 838

Access to hidden dotfiles in home directory

SourceSKILL.md

838	# ~/.claude/skill-results/{context_id}/cdqa-gate-log.json

medium line 901

Access to hidden dotfiles in home directory

SourceSKILL.md

901	- `~/.claude/epic-team/repo_manifest.yaml` (cross-repo detection, OMN-2519)

medium line 902

Access to hidden dotfiles in home directory

SourceSKILL.md

902	- `~/.claude/pipelines/ledger.json` (ticket-run ledger)

Scanned on Mar 8, 2026

View Security Dashboard

Install this skill with one command

/learn @omninode-ai/ticket-pipeline

GitHub Stars 1

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw api backend devops-sre backend-developer product-manager project-manager technical-pm slack linear github development product project management

OmniNode-ai/omniclaude