GitHub Actions Manual Trigger Audit

By Daniel Lummis · GitHub ↗ · v1.0.0
cross-platform ✓ Security check passed
Total downloads: 259
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install github-actions-manual-trigger-audit
Description
Audit manual GitHub Actions trigger dependence by workflow/event to flag automation gaps and intervention risk.
Usage (SKILL.md)

GitHub Actions Manual Trigger Audit

Use this skill to detect workflows that rely too heavily on manual triggers (workflow_dispatch / repository_dispatch) instead of automated CI events.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Groups runs by repository + workflow (+ branch)
  • Measures manual-trigger share vs total run volume
  • Tracks recent manual-trigger streaks (latest N runs)
  • Scores severity (ok, warn, critical) for operational risk gating
  • Emits text or JSON output for automation

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • GROUP_BY (workflow or workflow-branch, default: workflow)
  • MANUAL_EVENTS (comma-separated, default: workflow_dispatch,repository_dispatch)
  • RECENT_WINDOW (latest runs inspected for streak, default: 5)
  • MIN_RUNS (minimum runs required, default: 5)
  • WARN_MANUAL_RATIO (0..1, default: 0.35)
  • CRITICAL_MANUAL_RATIO (0..1, default: 0.65)
  • WARN_MANUAL_RUNS (default: 5)
  • CRITICAL_MANUAL_RUNS (default: 12)
  • WARN_RECENT_MANUAL_STREAK (default: 3)
  • CRITICAL_RECENT_MANUAL_STREAK (default: 5)
  • WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)
  • BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)
  • EVENT_MATCH / EVENT_EXCLUDE (regex, optional)
  • REPO_MATCH / REPO_EXCLUDE (regex, optional)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
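
A sketch of the grouping and scoring described above, using the documented default thresholds. This is an added example, not the skill's own script: how the three thresholds combine, how groups under MIN_RUNS are treated, the string form of the repository field and the sample runs are all assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import takewhile

MANUAL_EVENTS = {"workflow_dispatch", "repository_dispatch"}  # MANUAL_EVENTS default
T = {"min_runs": 5, "window": 5,  # MIN_RUNS, RECENT_WINDOW and threshold defaults
     "warn": {"ratio": 0.35, "runs": 5, "streak": 3},
     "critical": {"ratio": 0.65, "runs": 12, "streak": 5}}

def recent_streak(events_newest_first, window):
    """Consecutive manual runs counted from the newest run, capped at window."""
    head = takewhile(lambda e: e in MANUAL_EVENTS, events_newest_first[:window])
    return sum(1 for _ in head)

def severity(ratio, manual, streak):
    # Assumption: crossing any one threshold of a level is enough to reach it.
    for level in ("critical", "warn"):
        lim = T[level]
        if ratio >= lim["ratio"] or manual >= lim["runs"] or streak >= lim["streak"]:
            return level
    return "ok"

def audit(runs):
    groups = defaultdict(list)
    for run in runs:  # GROUP_BY=workflow: key is repository + workflow name
        groups[(run["repository"], run["workflowName"])].append(run)
    report = []
    for (repo, workflow), items in groups.items():
        if len(items) < T["min_runs"]:
            continue  # assumption: groups under MIN_RUNS are left unscored
        items.sort(key=lambda r: r["createdAt"], reverse=True)  # newest first
        events = [r["event"] for r in items]
        manual = sum(e in MANUAL_EVENTS for e in events)
        ratio, streak = manual / len(events), recent_streak(events, T["window"])
        report.append({"repo": repo, "workflow": workflow, "runs": len(events),
                       "manual_ratio": round(ratio, 3), "recent_streak": streak,
                       "severity": severity(ratio, manual, streak)})
    return sorted(report, key=lambda g: g["manual_ratio"], reverse=True)

def sample_runs():
    """Constructed sample: events listed oldest first, one run per day."""
    spec = {"deploy": ["push"] * 2 + ["workflow_dispatch"] * 4,
            "ci": ["workflow_dispatch"] + ["push"] * 5, "release": ["workflow_dispatch"] * 2,
            "nightly": ["schedule"] * 5 + ["repository_dispatch"] * 3}
    return [{"repository": "example-org/app", "workflowName": wf, "event": ev,
             "createdAt": f"2024-01-{day:02d}T00:00:00Z"}
            for wf, evs in spec.items() for day, ev in enumerate(evs, 1)]

if __name__ == "__main__":
    print(*audit(sample_runs()), sep="\n")
```

On the constructed data, the deploy group is the one a FAIL_ON_CRITICAL=1 gate would stop on, and the two-run release group is skipped despite being entirely manual.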

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,headBranch,conclusion,createdAt,updatedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh

JSON output + fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh

Run against bundled fixtures:

RUN_GLOB='skills/github-actions-manual-trigger-audit/fixtures/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked workflow groups
  • JSON mode prints summary + ranked groups + critical groups
Safe usage recommendations
This skill appears to do what it says: analyze local GitHub Actions run JSONs for manual-trigger dependence. Before running it: (1) verify the RUN_GLOB value so the script only reads intended JSON files (avoid globs that could match sensitive system files); (2) if you plan to use the 'gh run view' example to collect data, be aware that this requires the GitHub CLI and your authenticated GitHub session/token; that is separate from this skill and not requested by it; (3) review the included script (already present) and consider running it against the bundled fixtures first to see output; (4) run in a constrained environment or review outputs if you are concerned about printing repository URLs or other metadata: the tool may echo URLs contained in the JSON payloads but does not transmit data externally.
Functional analysis
Type: OpenClaw Skill
Name: github-actions-manual-trigger-audit
Version: 1.0.0
The skill is a legitimate tool for auditing GitHub Actions workflow runs to identify over-reliance on manual triggers. The implementation consists of a shell wrapper and an inline Python script that processes local JSON files (exported via the GitHub CLI) to calculate metrics like manual-trigger ratios and streaks, with no evidence of data exfiltration, malicious execution, or prompt injection.
Capability assessment
Purpose & Capability
The skill's name/description match what the code does: it reads GitHub Actions run JSON files, groups and scores workflows for manual-trigger dependence. Required binaries (bash, python3) are appropriate for the included shell+Python script. Minor note: the README examples show using the 'gh' CLI to collect run JSONs, but 'gh' is not listed in the declared required binaries; collecting data with 'gh' is optional for the tool to run (the script only reads local JSON files).
Instruction Scope
SKILL.md instructs the user to export run JSONs (example uses 'gh run view'), then run the script against a glob of JSON files. The runtime script only reads files matching RUN_GLOB and does not access other system configuration or environment variables. Two cautions: (1) the script will process any files matched by RUN_GLOB, so a mis-set glob could read unrelated local files; (2) the SKILL.md's 'gh' example implies network/GitHub access when collecting data, which is outside the script itself and requires separate user credentials.
Install Mechanism
No install spec; this is instruction-only plus an included script. Nothing is downloaded or installed by the skill package itself.
Credentials
The skill declares no required environment variables or credentials, and the script does not attempt to read secrets or other env vars. Note: collecting run JSONs with the GitHub CLI (as suggested in docs) would require GitHub authentication external to this skill; that is not requested by the skill itself.
Persistence & Privilege
always=false and there is no code that modifies agent configuration or other skills. The default autonomous invocation capability is unchanged (normal platform behavior) and the skill does not request persistent elevated privileges.
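How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install github-actions-manual-trigger-audit
  3. Once installed, call the Skill by name or trigger it with /github-actions-manual-trigger-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history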
v1.0.0
Initial release: audit and report on manual vs automatic GitHub Actions workflow triggers.
  • Analyzes GitHub Actions run JSON to measure reliance on manual workflow triggers
  • Calculates manual trigger share, tracks recent manual streaks, and rates operational risk (ok/warn/critical)
  • Highly configurable input, output, and scoring parameters
  • Outputs both human-readable and JSON reports
  • Supports fail-on-critical gating for automation integration
Metadata
Slug github-actions-manual-trigger-audit
Version 1.0.0
License
Total installs 0
Current installs 0
Number of versions 1
FAQ

What is GitHub Actions Manual Trigger Audit?

Audit manual GitHub Actions trigger dependence by workflow/event to flag automation gaps and intervention risk. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 259 total downloads to date.

How do I install GitHub Actions Manual Trigger Audit?

Run the command "/install github-actions-manual-trigger-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is GitHub Actions Manual Trigger Audit free?

Yes, GitHub Actions Manual Trigger Audit is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does GitHub Actions Manual Trigger Audit support?

GitHub Actions Manual Trigger Audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops GitHub Actions Manual Trigger Audit?

It is developed and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.
