← Back to Skills Marketplace
daniellummis

GitHub Actions Deploy Risk Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
276
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-actions-deploy-risk-audit
Description
Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy.
README (SKILL.md)

GitHub Actions Deploy Risk Audit

Use this skill to rank deployment workflows that are currently risky to trust for production releases.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to deployment/release workflows (configurable regex)
  • Groups by repository + workflow + branch
  • Scores risk using:
    • failure rate
    • unresolved trailing failure streak
    • days since last successful run
  • Flags warning/critical groups based on configurable score thresholds
  • Emits text or JSON output for CI dashboards and release gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • DEPLOY_WORKFLOW_MATCH (default: (?i)(deploy|release|ship|production))
  • BRANCH_MATCH (regex, optional)
  • BRANCH_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • STALE_SUCCESS_DAYS (default: 7)
  • WARN_SCORE (default: 35)
  • CRITICAL_SCORE (default: 60)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view \x3Crun-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-\x3Crun-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
DEPLOY_WORKFLOW_MATCH='(?i)(deploy|release)' \
MIN_RUNS=3 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-deploy-risk-audit/fixtures/*.json' \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked deploy risk groups
  • JSON mode prints summary + scored groups + critical group details
Usage Guidance
This skill appears to do what it says: parse local GitHub Actions run JSON files and compute risk scores. Before installing or running it: (1) Confirm where RUN_GLOB points — avoid matching sensitive or unrelated files; (2) The SKILL.md examples use the GitHub CLI ('gh') to collect run JSON, but 'gh' is not declared as required — install/authorize 'gh' yourself if you plan to use those collection steps; (3) Output can include run URLs from the JSON payloads — be careful not to send output to untrusted external systems if those URLs are sensitive; (4) The script accepts user-provided regex patterns (for workflows, repos, branches) so ensure patterns are trusted and avoid pathological regexes if supplied programmatically; (5) I reviewed the majority of the script but the provided file contents were truncated in the manifest — if you need higher assurance, inspect the complete scripts/deploy-risk-audit.sh file before use.
Capability Analysis
Type: OpenClaw Skill Name: github-actions-deploy-risk-audit Version: 1.0.0 The skill is a legitimate utility for auditing GitHub Actions deployment risks by analyzing workflow run JSON exports. It calculates risk scores based on failure rates, streaks, and staleness, providing reports in text or JSON format. The implementation in `deploy-risk-audit.sh` uses a Python script to process local files identified via a glob pattern, with no evidence of network exfiltration, unauthorized command execution, or malicious intent.
Capability Assessment
Purpose & Capability
Name/description match the provided script: it ingests GitHub Actions run JSON exports, filters/group them, and computes risk scores. Required binaries (bash, python3) are proportional to the task.
Instruction Scope
SKILL.md shows how to collect run JSON using the 'gh' CLI, but 'gh' is not listed as a required binary; the script itself only reads local JSON files. The instructions and script operate on local artifacts (RUN_GLOB) and emit text/JSON; they do not access other system credentials or external endpoints. Be aware outputs include sample run URLs from the JSON payloads (which might expose internal URLs if sent to external logs).
Install Mechanism
No install spec (instruction-only with an included script) — nothing is downloaded or extracted. The skill will run locally with bash and python3; that is low-risk from an install perspective.
Credentials
The skill requests no secrets, no config paths, and only uses optional environment variables for filtering and formatting. The set of environment inputs shown in SKILL.md is reasonable and optional; no unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. It runs on-demand and does not appear to alter agent configuration or store credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-deploy-risk-audit
  3. After installation, invoke the skill by name or use /github-actions-deploy-risk-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: deploy workflow risk scoring by failure rate, trailing failure streak, and stale-success age with text/json outputs and fail gate.
Metadata
Slug github-actions-deploy-risk-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Deploy Risk Audit?

Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy. It is an AI Agent Skill for Claude Code / OpenClaw, with 276 downloads so far.

How do I install GitHub Actions Deploy Risk Audit?

Run "/install github-actions-deploy-risk-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Deploy Risk Audit free?

Yes, GitHub Actions Deploy Risk Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Deploy Risk Audit support?

GitHub Actions Deploy Risk Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Actions Deploy Risk Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments