← Back to Skills Marketplace
daniellummis

GitHub Actions Timeout Risk Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
255
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-actions-timeout-risk-audit
Description
Audit GitHub Actions job runtime risk against timeout thresholds so near-timeout jobs get fixed before they fail CI.
README (SKILL.md)

GitHub Actions Timeout Risk Audit

Use this skill to find GitHub Actions jobs that are timing out or trending dangerously close to timeout limits.

What this skill does

  • Reads one or more run JSON exports (gh run view --json ...)
  • Calculates per-job runtime (completedAt - startedAt)
  • Flags risk severity by configured timeout threshold:
    • warn when runtime exceeds WARN_RATIO * JOB_TIMEOUT_SECONDS
    • critical when runtime exceeds CRITICAL_RATIO * JOB_TIMEOUT_SECONDS
    • always critical for jobs with conclusion=timed_out
  • Groups repeated jobs by repository + workflow + job name
  • Emits text or JSON output for CI gates / dashboards

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • JOB_TIMEOUT_SECONDS (default: 3600)
  • WARN_RATIO (default: 0.80)
  • CRITICAL_RATIO (default: 0.95)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • WORKFLOW_MATCH, WORKFLOW_EXCLUDE (regex, optional)
  • JOB_MATCH, JOB_EXCLUDE (regex, optional)
  • REPO_MATCH, REPO_EXCLUDE (regex, optional)
  • BRANCH_MATCH, BRANCH_EXCLUDE (regex, optional)

Collect run JSON

gh run view \x3Crun-id> --json databaseId,workflowName,headBranch,url,repository,jobs \
  > artifacts/github-actions/run-\x3Crun-id>.json

Ensure jobs includes startedAt, completedAt, and conclusion.

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
JOB_TIMEOUT_SECONDS=3600 \
WARN_RATIO=0.85 \
CRITICAL_RATIO=0.95 \
bash skills/github-actions-timeout-risk-audit/scripts/timeout-risk-audit.sh

JSON output + fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-timeout-risk-audit/scripts/timeout-risk-audit.sh

Repo/workflow filter:

RUN_GLOB='artifacts/github-actions/*.json' \
REPO_MATCH='^flowcreatebot/' \
WORKFLOW_MATCH='(CI|Build)' \
bash skills/github-actions-timeout-risk-audit/scripts/timeout-risk-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-timeout-risk-audit/fixtures/*.json' \
bash skills/github-actions-timeout-risk-audit/scripts/timeout-risk-audit.sh

Output contract

  • Exit 0 in reporting mode
  • Exit 1 when FAIL_ON_CRITICAL=1 and at least one critical instance exists
  • Text output includes summary, thresholds, and top timeout-risk jobs
  • JSON output includes summary, ranked groups, and critical_instances
Usage Guidance
This skill appears coherent and only processes local GitHub Actions run JSON files to report timeout risk. Before installing or running: (1) ensure you have bash and python3 available and, if you intend to collect runs with the `gh` CLI as shown, make sure `gh` is installed (the skill does not declare it as a required binary); (2) verify RUN_GLOB points to only trusted JSON artifacts (do not point it at untrusted directories or sensitive files), and (3) review the included script if you plan to run it in automated CI to confirm the output/exit-code behavior (FAIL_ON_CRITICAL) matches your gating needs.
Capability Analysis
Type: OpenClaw Skill Name: github-actions-timeout-risk-audit Version: 1.0.0 The skill is a utility for auditing GitHub Actions job runtimes to identify timeout risks using JSON exports. The core logic in `scripts/timeout-risk-audit.sh` (which contains an embedded Python script) safely processes local files via globbing and JSON parsing, calculates durations, and applies regex filters. No evidence of data exfiltration, malicious execution, or prompt injection was found; the file access and processing are strictly aligned with the stated purpose of CI monitoring.
Capability Assessment
Purpose & Capability
The skill's name and description match the included script and fixtures: it parses GitHub Actions run JSON exports and ranks jobs by runtime vs configured thresholds. Minor mismatch: the SKILL.md shows collecting run JSON with the `gh` CLI, but `gh` is not listed in the declared required binaries — the script itself only needs bash and python3 and processes local JSON files.
Instruction Scope
Runtime instructions and the script operate on local JSON files matched by RUN_GLOB, compute durations, apply regex filters, and emit text/JSON reports. There are no instructions to read unrelated system files, access credentials, or transmit data to external endpoints.
Install Mechanism
This is an instruction-only skill with an included script and fixtures and no install spec. Nothing is downloaded or extracted at install time.
Credentials
The skill does not request environment variables, credentials, or config paths beyond optional runtime parameters (RUN_GLOB, thresholds, regex filters). These are proportional to the stated auditing task.
Persistence & Privilege
The skill does not request always:true, does not persist configuration, and does not modify other skills or system-wide settings. It runs on demand and uses only local artifacts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-timeout-risk-audit
  3. After installation, invoke the skill by name or use /github-actions-timeout-risk-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release – audit GitHub Actions jobs for timeout risks. - Calculates per-job runtime from GitHub Actions run JSON files. - Flags jobs as `warn` or `critical` based on configurable timeout ratios. - Groups repeated jobs for concise reporting. - Supports configurable input filters and output formats (text or JSON). - Can fail CI on critical timeout risks if desired.
Metadata
Slug github-actions-timeout-risk-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Timeout Risk Audit?

Audit GitHub Actions job runtime risk against timeout thresholds so near-timeout jobs get fixed before they fail CI. It is an AI Agent Skill for Claude Code / OpenClaw, with 255 downloads so far.

How do I install GitHub Actions Timeout Risk Audit?

Run "/install github-actions-timeout-risk-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Timeout Risk Audit free?

Yes, GitHub Actions Timeout Risk Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Timeout Risk Audit support?

GitHub Actions Timeout Risk Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Actions Timeout Risk Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments