
GitHub Actions Conclusion Volatility Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 333
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install github-actions-conclusion-volatility-audit
Description
Audit GitHub Actions workflow conclusion volatility to surface unstable pipelines before they become chronic failures.
README (SKILL.md)

GitHub Actions Conclusion Volatility Audit

Use this skill to detect unstable workflows that frequently flip between success and failure-like outcomes.

What this skill does

  • Reads one or more workflow run JSON exports
  • Groups runs by repository + workflow + branch
  • Calculates volatility using conclusion transitions across run history
  • Flags groups by warn/critical instability thresholds
  • Emits text or JSON output for CI reporting and quality gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 5) — minimum runs before severity is applied
  • WARN_INSTABILITY_PCT (default: 35)
  • CRITICAL_INSTABILITY_PCT (default: 60)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • WORKFLOW_MATCH, WORKFLOW_EXCLUDE (regex, optional)
  • BRANCH_MATCH, BRANCH_EXCLUDE (regex, optional)
  • REPO_MATCH, REPO_EXCLUDE (regex, optional)

Failure-like conclusions are: failure, cancelled, timed_out, action_required, startup_failure.
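
The transition-based scoring described above, as an added example that is not the skill's own code. The metric (state flips divided by adjacent run pairs), the severity labels, the treatment of `repository` as a plain string, and ignoring conclusions that are neither `success` nor failure-like are assumptions; the sample runs are constructed.

```python
from collections import defaultdict

# Failure-like conclusions as listed in the README above.
FAILURE_LIKE = {"failure", "cancelled", "timed_out", "action_required", "startup_failure"}

def classify(conclusion):
    """Return 'ok', 'bad', or None for conclusions that carry no signal (assumption)."""
    if conclusion == "success":
        return "ok"
    return "bad" if conclusion in FAILURE_LIKE else None

def audit(runs, min_runs=5, warn_pct=35.0, critical_pct=60.0):
    """Group runs and score each group by how often its state flips between runs."""
    groups = defaultdict(list)
    for run in runs:
        state = classify(run.get("conclusion"))
        if state is not None:
            key = (run["repository"], run["workflowName"], run["headBranch"])
            groups[key].append((run["createdAt"], state))
    report = []
    for key, items in groups.items():
        # ISO-8601 UTC timestamps of equal width sort chronologically as strings.
        states = [state for _, state in sorted(items)]
        flips = sum(a != b for a, b in zip(states, states[1:]))
        # Assumed metric: share of adjacent run pairs whose state differs.
        pct = 100.0 * flips / (len(states) - 1) if len(states) > 1 else 0.0
        if len(states) < min_runs:
            severity = "none"  # too little history to judge (MIN_RUNS)
        elif pct >= critical_pct:
            severity = "critical"
        else:
            severity = "warn" if pct >= warn_pct else "ok"
        report.append({"group": key, "runs": len(states), "transitions": flips,
                       "instability_pct": pct, "severity": severity})
    return sorted(report, key=lambda g: g["instability_pct"], reverse=True)

def sample(workflow, conclusions):
    """Constructed run records (not real exports) with one run per day."""
    return [{"repository": "example/repo", "workflowName": workflow, "headBranch": "main",
             "conclusion": c, "createdAt": f"2024-01-{i + 1:02d}T00:00:00Z"}
            for i, c in enumerate(conclusions)]

SAMPLE_RUNS = (
    sample("ci", ["success", "failure", "success", "cancelled", "success", "success"])
    + sample("deploy", ["success"] * 5 + ["failure"])
    + sample("nightly", ["success", "timed_out", "success"])
)

if __name__ == "__main__":
    for row in audit(SAMPLE_RUNS):
        print(row)
```
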

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,headBranch,conclusion,createdAt,updatedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
WARN_INSTABILITY_PCT=35 \
CRITICAL_INSTABILITY_PCT=60 \
bash skills/github-actions-conclusion-volatility-audit/scripts/conclusion-volatility-audit.sh

JSON output + fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-conclusion-volatility-audit/scripts/conclusion-volatility-audit.sh

Output contract

  • Exit 0 in reporting mode
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more critical groups are found
  • Text output includes summary and top unstable workflow groups
  • JSON output includes summary, ranked groups, and critical_groups
Usage Guidance
This skill appears to do what it says: analyze GitHub Actions run JSON files and report unstable workflows. Before installing or running it: (1) Ensure bash and python3 are available. (2) Prepare artifacts by exporting workflow runs (the SKILL.md suggests using 'gh run view', which will contact GitHub and use the host's gh authentication), and ensure you are comfortable with that network access and the credentials the gh CLI will use. (3) Run the script in a controlled workspace where the JSON artifacts come from trusted repositories (these files include repo names and run URLs). (4) No extra secrets or external endpoints are required by the skill itself, but if you adapt it to automatically fetch runs, be aware that it will contact GitHub via the gh CLI. If you need confirmation of behavior, inspect the included script (scripts/conclusion-volatility-audit.sh); it is fully self-contained and readable.
Capability Analysis
Type: OpenClaw Skill
Name: github-actions-conclusion-volatility-audit
Version: 1.0.0
The skill audits GitHub Actions workflow stability by analyzing JSON run logs, but it is classified as suspicious due to broad file system access capabilities. Specifically, the `RUN_GLOB` environment variable in `scripts/conclusion-volatility-audit.sh` is passed directly to Python's `glob.glob()` and `open()` functions without path validation or sanitization, which constitutes a potential arbitrary file read vulnerability. While this capability is plausibly needed for the stated purpose and no evidence of intentional malice or data exfiltration was found, the lack of input restriction on the file paths is a significant security flaw.
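
One way to restrict what `RUN_GLOB` can reach, shown as an added example rather than code from the skill: expand the pattern, then keep only regular `.json` files whose resolved path stays under an allowed artifacts directory. The function name `resolve_run_files`, the `allowed_root` parameter and the temporary directory layout are hypothetical and constructed for the demonstration.

```python
import glob
import os
import tempfile

def resolve_run_files(run_glob, allowed_root):
    """Expand run_glob; accept only regular *.json files that resolve inside allowed_root."""
    root = os.path.realpath(allowed_root)
    accepted, rejected = [], []
    for match in sorted(glob.glob(run_glob, recursive=True)):
        real = os.path.realpath(match)  # resolves symlinks and ".." segments
        inside = os.path.commonpath([root, real]) == root
        if inside and real.endswith(".json") and os.path.isfile(real):
            accepted.append(real)
        else:
            rejected.append(match)  # report these instead of opening them
    return accepted, rejected

def demo():
    """Constructed layout: one real export, one symlink leaving the root, one outside file."""
    workspace = tempfile.mkdtemp()
    root = os.path.join(workspace, "artifacts", "github-actions")
    os.makedirs(root)
    outside = os.path.join(workspace, "outside.json")
    for path in (os.path.join(root, "run-1.json"), outside):
        with open(path, "w") as handle:
            handle.write("{}")
    # A symlink inside the artifacts directory that points outside it.
    os.symlink(outside, os.path.join(root, "leak.json"))
    default = resolve_run_files(os.path.join(root, "*.json"), root)
    widened = resolve_run_files(os.path.join(workspace, "*.json"), root)
    return default, widened

if __name__ == "__main__":
    for accepted, rejected in demo():
        print("accepted:", accepted)
        print("rejected:", rejected)
```
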
Capability Assessment
Purpose & Capability
The name/description match the implementation: the script reads GitHub Actions run JSON files, groups runs, computes transition-based volatility, and emits text/JSON reports. Required binaries (bash, python3) are appropriate for the provided shell + embedded Python implementation.
Instruction Scope
SKILL.md and the script consistently instruct the agent to collect run JSON (example uses 'gh run view'), run the audit script against artifacts/* JSON files, and emit results or fail CI on critical groups. The instructions operate only on local JSON artifacts and do not instruct broad file-system reads or transmitting data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with one included script file; there is no install spec, no archives or third-party downloads, and nothing is written to disk beyond the normal execution of the script and the user-supplied artifacts. Risk from the install mechanism is minimal.
Credentials
The skill declares no required environment variables and the script accepts many optional environment switches (RUN_GLOB, thresholds, filters). One thing to note: SKILL.md shows collecting run JSON via the 'gh' CLI, which uses the user's GitHub authentication (stored credentials or token). The skill itself does not request any secrets, which is proportionate, but collectors (gh) will use whatever GitHub auth is configured on the host.
Persistence & Privilege
The skill is not always-enabled and has no install-time persistence. It does not modify other skills or system-wide config. Autonomous invocation is allowed (platform default) but not combined with elevated privileges or secret access.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-conclusion-volatility-audit
  3. After installation, invoke the skill by name or use /github-actions-conclusion-volatility-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of GitHub Actions Conclusion Volatility Audit.
  • Audits workflow run histories to identify unstable pipelines based on conclusion changes.
  • Groups runs by repository, workflow, and branch for fine-grained analysis.
  • Calculates and flags volatility by configurable warning and critical thresholds.
  • Supports text and JSON output for CI reporting and quality gates.
  • Flexible filtering with regex for workflows, branches, and repositories.
  • Optionally exits with failure when critical instability is detected.
Metadata
Slug github-actions-conclusion-volatility-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Conclusion Volatility Audit?

Audit GitHub Actions workflow conclusion volatility to surface unstable pipelines before they become chronic failures. It is an AI Agent Skill for Claude Code / OpenClaw, with 333 downloads so far.

How do I install GitHub Actions Conclusion Volatility Audit?

Run "/install github-actions-conclusion-volatility-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Conclusion Volatility Audit free?

Yes, GitHub Actions Conclusion Volatility Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Conclusion Volatility Audit support?

GitHub Actions Conclusion Volatility Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created GitHub Actions Conclusion Volatility Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.
