← Back to Skills Marketplace
daniellummis

GitHub Actions Incident Timeline Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
262
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install github-actions-incident-timeline-audit
Description
Cluster failed GitHub Actions runs into incident windows by repo to expose outage duration, impact scope, and escalation severity.
README (SKILL.md)

GitHub Actions Incident Timeline Audit

Use this skill to convert noisy failed run exports into incident windows you can triage quickly during CI reliability reviews.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Keeps only failed/cancelled/timed-out style outcomes
  • Groups failures by repository into incident windows using a configurable gap threshold
  • Scores each incident using failed-run and duration thresholds
  • Emits text or JSON output for review docs, ops dashboards, and CI fail gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • INCIDENT_GAP_MINUTES (default: 45)
  • WARN_FAILED_RUNS (default: 2)
  • CRITICAL_FAILED_RUNS (default: 4)
  • WARN_DURATION_MINUTES (default: 20)
  • CRITICAL_DURATION_MINUTES (default: 60)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view \x3Crun-id> --json databaseId,workflowName,event,conclusion,headBranch,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-\x3Crun-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
INCIDENT_GAP_MINUTES=45 \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-incident-timeline-audit/fixtures/*.json' \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more incidents are critical
  • Text mode prints summary + ranked incident windows
  • JSON mode prints summary + incidents + critical incident details
Usage Guidance
This skill appears to do what it says: parse local GitHub Actions run JSON files and produce incident windows. Before running, ensure the RUN_GLOB path points only to intended JSON exports (so you don't accidentally parse unrelated files), and review any JSON fixtures you feed it (don't run over untrusted files). If you plan to collect run JSON via the 'gh' CLI as shown in the SKILL.md, install/verify 'gh' yourself (it's only an example and not required by the script). If you enable FAIL_ON_CRITICAL=1 be aware the script will exit non‑zero when critical incidents are found (useful for CI gates).
Capability Analysis
Type: OpenClaw Skill Name: github-actions-incident-timeline-audit Version: 1.0.0 The skill is a utility for auditing GitHub Actions failures by clustering them into incident windows based on time gaps and repository. The implementation consists of a bash wrapper (incident-timeline-audit.sh) that executes an embedded Python script to process local JSON files. No evidence of data exfiltration, malicious execution, or prompt injection was found; the code's behavior aligns strictly with its documented purpose.
Capability Assessment
Purpose & Capability
Name/description match the included script and SKILL.md: the script reads exported GitHub Actions run JSON files, groups failures into incidents, scores severity, and emits text/JSON. Required binaries (bash, python3) are appropriate. Minor note: SKILL.md shows an example using the 'gh' CLI to fetch run JSON, but 'gh' is not declared as a required binary — this is a documentation/example omission rather than a functional mismatch.
Instruction Scope
Runtime instructions and the script operate on local JSON files matched by RUN_GLOB and on CLI-provided parameters. The script does not perform network calls, read system-wide config, or access unrelated environment variables. It only parses files, computes clusters, and prints output. There is no evidence of data exfiltration or contacting external endpoints.
Install Mechanism
No install specification — instruction-only with a bundled script. Nothing is downloaded or written to system paths by an installer. Risk from installation is minimal.
Credentials
The skill requests no environment secrets or config paths. All behavioral controls are via optional environment variables (RUN_GLOB, thresholds, filters). No unexpected credentials or keys are required.
Persistence & Privilege
Skill does not request always: true and has no special persistence or privileged actions. It is user-invocable and can be run manually; autonomous invocation is allowed by platform default but is not combined with other red flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-incident-timeline-audit
  3. After installation, invoke the skill by name or use /github-actions-incident-timeline-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release – cluster failed GitHub Actions runs into incident windows for reliable CI reviews. - Reads failed/cancelled/timed-out GitHub Actions run exports in JSON. - Groups failures by repository and incident windows using a time gap threshold. - Scores incidents based on failed run and duration thresholds; supports warning and critical levels. - Flexible output: human-friendly text or detailed JSON for dashboards and ops automation. - Provides filters for workflow, repository, and fail gate options.
Metadata
Slug github-actions-incident-timeline-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Incident Timeline Audit?

Cluster failed GitHub Actions runs into incident windows by repo to expose outage duration, impact scope, and escalation severity. It is an AI Agent Skill for Claude Code / OpenClaw, with 262 downloads so far.

How do I install GitHub Actions Incident Timeline Audit?

Run "/install github-actions-incident-timeline-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Incident Timeline Audit free?

Yes, GitHub Actions Incident Timeline Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Incident Timeline Audit support?

GitHub Actions Incident Timeline Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created GitHub Actions Incident Timeline Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments