← Back to Skills Marketplace
daniellummis

GitHub Actions Commit Health Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
251
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-actions-commit-health-audit
Description
Audit GitHub Actions reliability by commit SHA to surface risky commits causing repeated workflow failures across branches.
README (SKILL.md)

GitHub Actions Commit Health Audit

Use this skill to find commits that repeatedly fail CI so teams can prioritize rollback, revert, or targeted fixes.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Groups runs by repository + commit SHA
  • Scores commit risk using failure rate, failed-run volume, and workflow spread
  • Flags warning/critical commit hotspots
  • Emits text or JSON output for CI checks and triage dashboards

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • BRANCH_MATCH (regex, optional)
  • BRANCH_EXCLUDE (regex, optional)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • SHA_MATCH (regex, optional)
  • SHA_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 25)
  • FAIL_CRITICAL_PERCENT (default: 50)
  • WARN_SCORE (default: 35)
  • CRITICAL_SCORE (default: 60)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view \x3Crun-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-\x3Crun-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=3 \
bash skills/github-actions-commit-health-audit/scripts/commit-health-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-commit-health-audit/scripts/commit-health-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-commit-health-audit/fixtures/*.json' \
bash skills/github-actions-commit-health-audit/scripts/commit-health-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more commits are critical
  • Text mode prints summary + ranked commit-risk groups
  • JSON mode prints summary + scored groups + critical commit details
Usage Guidance
This skill appears to do what it says: analyze local GitHub Actions run JSON exports and report risky commits. Before installing/using it: 1) Note SKILL.md shows using the GitHub CLI ('gh run view') to collect run JSONs — ensure you have 'gh' available if you want to use that collection step (the script itself does not invoke 'gh'). 2) Run the bundled fixtures first (RUN_GLOB pointing at skills/.../fixtures/*.json) to verify output and behavior. 3) Inspect the full script if you have strict policies (the included code runs locally and the visible parts do not perform network calls or read secrets). 4) Ensure artifacts you point RUN_GLOB at do not contain sensitive tokens or secrets, and run the script in an environment you control. 5) If you need automated collection of run JSONs, prefer running 'gh' manually or via CI with minimal-scoped tokens rather than giving broad credentials to external tools.
Capability Analysis
Type: OpenClaw Skill Name: github-actions-commit-health-audit Version: 1.0.0 The skill is a legitimate utility for auditing GitHub Actions CI/CD health by analyzing JSON run exports. It processes local files specified by a glob pattern, aggregates failure statistics, and generates reports. The code (scripts/commit-health-audit.sh) uses safe practices for executing the embedded Python logic, including proper argument handling and error catching during JSON parsing, which prevents accidental data leakage from non-JSON files. No indicators of data exfiltration, malicious execution, or prompt injection were found.
Capability Assessment
Purpose & Capability
The name/description match the implementation: the script reads run JSON files, aggregates by repository+SHA, computes failure rates and a heuristic score, and emits text/JSON reports. Required binaries (bash, python3) are appropriate for the bundled shell + python implementation. Minor note: the SKILL.md shows an example using the 'gh' CLI to produce run JSON exports, but 'gh' is not declared in the required binaries list; this is an omission in metadata but does not imply malicious behavior.
Instruction Scope
Runtime instructions and the script operate on local JSON files (RUN_GLOB) and environment inputs documented in SKILL.md. The code parses only the provided JSON artifacts, applies regex filters, and computes scores. It does not reference unexpected system paths or other environment variables beyond those documented. The SKILL.md does suggest using 'gh run view' to collect artifacts (a separate step) — that command would be executed by the user outside the skill if they follow the guide.
Install Mechanism
There is no install spec (instruction-only with a shipped script), so nothing is downloaded or written to disk by an installer. The script is included in the bundle; runtime execution will only run local code using bash/python3.
Credentials
The skill declares no required environment variables or credentials and the script only uses the documented optional env inputs (RUN_GLOB, TOP_N, OUTPUT_FORMAT, etc.). There is no request for unrelated secrets or configuration.
Persistence & Privilege
The skill does not request permanent or elevated privileges (always is false). It does not modify other skills or system-wide configuration in the provided files; it simply reads local artifact JSON files and writes reports/exit codes as expected.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-commit-health-audit
  3. After installation, invoke the skill by name or use /github-actions-commit-health-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release – Audits GitHub Actions by commit to identify and score risky commits: - Reads exported GitHub Actions run JSON and groups by repository + commit SHA - Scores and flags commits with high failure rates, volumes, and workflow spread - Provides configurable output (text or JSON), filtering, and thresholds - Supports optional fail-gate for CI blocking on critical commit risks - Outputs commit health summaries for CI checks and triage dashboards
Metadata
Slug github-actions-commit-health-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Commit Health Audit?

Audit GitHub Actions reliability by commit SHA to surface risky commits causing repeated workflow failures across branches. It is an AI Agent Skill for Claude Code / OpenClaw, with 251 downloads so far.

How do I install GitHub Actions Commit Health Audit?

Run "/install github-actions-commit-health-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Commit Health Audit free?

Yes, GitHub Actions Commit Health Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Commit Health Audit support?

GitHub Actions Commit Health Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Actions Commit Health Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments