← Back to Skills Marketplace
GitHub Actions Run Gap Audit
by
Daniel Lummis
· GitHub ↗
· v1.1.0
265
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install github-actions-run-gap-audit
Description
Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap.
README (SKILL.md)
GitHub Actions Run Gap Audit
Use this skill to detect workflow groups that have gone unexpectedly quiet (stale triggers, broken schedules, disabled automation, branch drift).
What this skill does
- Reads GitHub Actions run JSON exports
- Groups by repository + workflow + branch + event
- Computes historical cadence (median and p90 interval hours)
- Compares latest inactivity gap vs historical cadence
- Scores risk severity (
ok,warn,critical) - Emits text or JSON for CI checks and automation guardrails
Inputs
Optional:
RUN_GLOB(default:artifacts/github-actions/*.json)TOP_N(default:20)OUTPUT_FORMAT(textorjson, default:text)MIN_RUNS(default:4)WARN_GAP_MULTIPLIER(default:2.0)CRITICAL_GAP_MULTIPLIER(default:3.5)MIN_WARN_GAP_HOURS(default:12)MIN_CRITICAL_GAP_HOURS(default:24)WORKFLOW_MATCH(regex, optional)WORKFLOW_EXCLUDE(regex, optional)BRANCH_MATCH(regex, optional)BRANCH_EXCLUDE(regex, optional)EVENT_MATCH(regex, optional)EVENT_EXCLUDE(regex, optional)REPO_MATCH(regex, optional)REPO_EXCLUDE(regex, optional)RUN_ID_MATCH(regex, optional)RUN_ID_EXCLUDE(regex, optional)RUN_URL_MATCH(regex, optional)RUN_URL_EXCLUDE(regex, optional)NOW_ISO(optional fixed evaluation time for deterministic CI tests)FAIL_ON_CRITICAL(0or1, default:0)
Collect run JSON
gh run view \x3Crun-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
> artifacts/github-actions/run-\x3Crun-id>.json
Run
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=5 \
WARN_GAP_MULTIPLIER=2.25 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
JSON output with fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Targeted run-scope triage:
RUN_GLOB='artifacts/github-actions/*.json' \
RUN_ID_MATCH='^(88|89)' \
RUN_URL_EXCLUDE='rerun' \
OUTPUT_FORMAT=json \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Run with bundled fixtures:
RUN_GLOB='skills/github-actions-run-gap-audit/fixtures/*.json' \
NOW_ISO='2026-03-07T00:00:00Z' \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Output contract
- Exit
0in report mode (default) - Exit
1whenFAIL_ON_CRITICAL=1and one or more groups are critical - Text mode prints summary + ranked stale workflow groups
- JSON mode prints summary + ranked groups + critical group details
Usage Guidance
This skill is coherent and appears to do only local analysis of exported GitHub Actions run JSON files. Before installing/using it: (1) confirm you have bash and python3 available; (2) if you plan to follow the SKILL.md example that uses 'gh run view', make sure you have the GitHub CLI installed and authenticated — the script itself does not call 'gh' and 'gh' is not declared as a required binary; (3) run the audit against the included fixtures first (RUN_GLOB pointing to skills/.../fixtures/*.json) to validate behavior; (4) avoid pointing RUN_GLOB at directories containing unrelated or sensitive JSON files — the script will parse any matched files; and (5) review the script yourself if you have stricter security requirements, though no obfuscated code, network endpoints, or credential exfiltration were found in the provided files.
Capability Analysis
Type: OpenClaw Skill
Name: github-actions-run-gap-audit
Version: 1.1.0
The skill is a legitimate utility designed to audit GitHub Actions workflow history for inactivity gaps. It processes local JSON files using standard Python libraries (glob, json, re, statistics) to calculate historical run cadences and identify stale workflows. No indicators of data exfiltration, malicious execution, or prompt injection were found in scripts/run-gap-audit.sh or SKILL.md.
Capability Assessment
Purpose & Capability
The skill's name/description (detecting stale GitHub Actions runs) matches what the bundled script and fixtures do: parse run JSON files, compute cadence statistics, and emit a report. One minor inconsistency: SKILL.md shows using the 'gh' CLI to export runs (gh run view ...) but 'gh' is not listed among required binaries. Either the user must supply those exports themselves (which is reasonable) or the skill should declare 'gh' as a required binary if it expects to invoke it.
Instruction Scope
SKILL.md and scripts instruct the agent/user to read local JSON files (RUN_GLOB) and run the audit; the Python code only parses files, computes statistics, and prints text/JSON. There are no commands or instructions to read unrelated system files, call external servers, or exfiltrate data. The examples do show using 'gh' to collect data, which involves network access when the user runs that step, but that is external to the audit script itself.
Install Mechanism
There is no install spec (instruction-only plus an included script). Nothing is downloaded or executed from external URLs during install. The runtime requires bash and python3 (declared), which are proportionate for running the included script.
Credentials
The skill requires no credentials or config paths. It accepts many optional environment inputs (globs, regex filters, numeric thresholds) which are reasonable for a configurable audit tool; none are named like SECRET/TOKEN or otherwise request sensitive credentials.
Persistence & Privilege
always is false and the skill does not request persistent system-level presence or modify other skills. It does not attempt to enable itself or write persistent credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install github-actions-run-gap-audit - After installation, invoke the skill by name or use
/github-actions-run-gap-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Add run-scope regex filters (RUN_ID_MATCH/EXCLUDE, RUN_URL_MATCH/EXCLUDE) for targeted cadence triage.
v1.0.0
Initial release of github-actions-run-gap-audit skill.
- Detects GitHub Actions workflow groups with unusual inactivity based on historical run cadences.
- Groups runs by repository, workflow, branch, and event for analysis.
- Computes and compares inactivity gaps to historical medians to score risk (`ok`, `warn`, `critical`).
- Supports customizable thresholds, filters, and output formats (text or JSON).
- Exit codes allow for CI/automation enforcement based on findings.
Metadata
Frequently Asked Questions
What is GitHub Actions Run Gap Audit?
Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap. It is an AI Agent Skill for Claude Code / OpenClaw, with 265 downloads so far.
How do I install GitHub Actions Run Gap Audit?
Run "/install github-actions-run-gap-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is GitHub Actions Run Gap Audit free?
Yes, GitHub Actions Run Gap Audit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does GitHub Actions Run Gap Audit support?
GitHub Actions Run Gap Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created GitHub Actions Run Gap Audit?
It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.1.0.
More Skills