
GitHub Actions Trigger Health Audit

by Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 352 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install github-actions-trigger-health-audit
Description
Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize.
README (SKILL.md)

GitHub Actions Trigger Health Audit

Use this skill to find which GitHub Actions trigger events are driving the highest failure rates.

What this skill does

  • Reads one or more GitHub Actions run JSON exports
  • Groups runs by repository + event + workflow
  • Calculates failure/cancel/timeout rates and average runtime
  • Flags warning/critical hotspots based on configurable failure-rate thresholds
  • Supports regex include/exclude filters for repo, workflow, and event
  • Emits text or JSON output for dashboards and automation gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2) — skip low-sample groups
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • EVENT_MATCH (regex, optional)
  • EVENT_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=3 \
FAIL_WARN_PERCENT=25 \
FAIL_CRITICAL_PERCENT=50 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-trigger-health-audit/fixtures/*.json' \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and any group meets critical threshold
  • Text mode prints summary + ranked trigger health hotspots
  • JSON mode prints summary + grouped metrics + critical group details
Usage Guidance
This skill appears to do what it claims: aggregate GitHub Actions run JSON files and report failure rates. Before running it: (1) verify the JSON files you point RUN_GLOB at are the intended artifacts (do not point it at / or system config directories), (2) run against the bundled fixtures first to confirm behavior, (3) if you plan to collect runs via the 'gh' CLI, install and use gh yourself — the skill does not declare it as a required binary, so the SKILL.md example is informational, (4) review the script if you need to be extra cautious; it reads files and prints results but does not exfiltrate data or make network requests. If you want stricter safety, run the script in a sandbox or CI job with limited file access.
Capability Analysis
Type: OpenClaw Skill
Name: github-actions-trigger-health-audit
Version: 1.0.0
The skill audits GitHub Actions run health by parsing local JSON files, but it contains vulnerabilities that grant broad system access. Specifically, the `RUN_GLOB` environment variable is passed unsanitized to Python's `glob.glob(recursive=True)` in `scripts/trigger-health-audit.sh`, allowing the agent to read any JSON file on the filesystem. Additionally, multiple inputs (e.g., `WORKFLOW_MATCH`, `REPO_MATCH`) are passed directly to `re.compile()`, posing a Regular Expression Denial of Service (ReDoS) risk. While these capabilities are plausibly needed for the stated purpose, the lack of input sanitization and the resulting broad file access meet the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
The skill analyzes local GitHub Actions run JSON exports and produces text/JSON reports — which aligns with the name/description. SKILL.md shows using the 'gh' CLI to fetch run JSONs, but the declared required binaries list only bash and python3; 'gh' is not declared. This is a small documentation/metadata mismatch but not indicative of hidden behavior.
Instruction Scope
Runtime instructions and the included script operate on local JSON files matched by RUN_GLOB, parse fields, aggregate metrics, and print results. They do not attempt network calls, secrets access, or modification of other system/config files. Example use of 'gh run view' is provided for collecting artifacts, but that is user-invoked and not executed by the skill.
Install Mechanism
This is instruction-only with a bundled script; there is no install spec or remote downloads. No archives or external install sources are fetched, so installation risk is minimal.
Credentials
The skill requests no credentials or config paths and only uses optional environment variables for behavior (RUN_GLOB, filters, thresholds). One caution: RUN_GLOB controls which files are read — if a user supplies a glob that points to sensitive system files, the script will attempt to open them. That is a functional capability (it needs to read JSON files) but requires the user to ensure the glob only targets trusted artifact files.
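The Capability Analysis and Credentials notes above both turn on unvalidated inputs: RUN_GLOB and the regex filters. The Python sketch below is an added example, not code from the skill or its author, showing one way a wrapper could confine glob matches to an artifacts root and refuse risky filter patterns before they reach re.compile(). The names safe_run_files, safe_filter and MAX_PATTERN_LEN, the nested-quantifier heuristic, and the file layout built in demo() are assumptions constructed for illustration.

```python
import glob
import os
import re
import tempfile

MAX_PATTERN_LEN = 128  # assumed cap, not a value taken from the skill
# Heuristic only: a quantified group that itself contains + or *, e.g. (a+)+
NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)[+*{]")

def safe_run_files(run_glob, allowed_root):
    """Expand run_glob; keep regular .json files that resolve inside allowed_root."""
    root = os.path.realpath(allowed_root)
    kept, rejected = [], []
    for path in sorted(glob.glob(run_glob, recursive=True)):
        real = os.path.realpath(path)  # resolves symlinks and ".." segments
        inside = os.path.commonpath([root, real]) == root
        if inside and real.endswith(".json") and os.path.isfile(real):
            kept.append(real)
        else:
            rejected.append(path)
    return kept, rejected

def safe_filter(pattern):
    """Compile a *_MATCH / *_EXCLUDE value; refuse long or nested-quantifier patterns."""
    if not pattern:
        return None
    if len(pattern) > MAX_PATTERN_LEN:
        raise ValueError("filter regex longer than MAX_PATTERN_LEN")
    if NESTED_QUANTIFIER.search(pattern):
        raise ValueError("filter regex contains a nested quantifier")
    return re.compile(pattern)

def demo():
    """Constructed layout: one artifact, one symlink leaving the root, one outside file,
    expanded with an over-broad glob such as an operator might set by mistake."""
    with tempfile.TemporaryDirectory() as tmp:
        art = os.path.join(tmp, "artifacts", "github-actions")
        other = os.path.join(tmp, "other")
        os.makedirs(art)
        os.makedirs(other)
        for p in (os.path.join(art, "run-1.json"), os.path.join(other, "config.json")):
            with open(p, "w") as fh:
                fh.write("{}")
        os.symlink(os.path.join(other, "config.json"), os.path.join(art, "link.json"))
        kept, rejected = safe_run_files(os.path.join(tmp, "**", "*.json"),
                                        os.path.join(tmp, "artifacts"))
        return [os.path.basename(p) for p in kept], [os.path.basename(p) for p in rejected]

if __name__ == "__main__":
    print(demo())
```

The nested-quantifier check is a coarse screen rather than a complete ReDoS detector; Python's re module has no match timeout, so rejecting suspect patterns up front is the available control.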
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and does not persist credentials. It exits normally and only reads files provided by the user.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install github-actions-trigger-health-audit
  3. After installation, invoke the skill by name or use /github-actions-trigger-health-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of GitHub Actions Trigger Health Audit.

  • Audits GitHub Actions runs, grouping by repository, event, and workflow.
  • Calculates failure, cancel, and timeout rates, plus average runtime.
  • Flags warning and critical hotspots based on configurable thresholds.
  • Supports include/exclude regex filters for repo, workflow, and event.
  • Offers text and JSON output for dashboards and automation gating.
  • Customizable thresholds and fail conditions for automation integration.
Metadata
Slug github-actions-trigger-health-audit
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is GitHub Actions Trigger Health Audit?

Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize. It is an AI Agent Skill for Claude Code / OpenClaw, with 352 downloads so far.

How do I install GitHub Actions Trigger Health Audit?

Run "/install github-actions-trigger-health-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is GitHub Actions Trigger Health Audit free?

Yes, GitHub Actions Trigger Health Audit is completely free (open-source). You can download, install and use it at no cost.

Which platforms does GitHub Actions Trigger Health Audit support?

GitHub Actions Trigger Health Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created GitHub Actions Trigger Health Audit?

It is built and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.
