← 返回 Skills 市场
GitHub Actions Run Gap Audit
作者
Daniel Lummis
· GitHub ↗
· v1.1.0
265
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install github-actions-run-gap-audit
功能描述
Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap.
使用说明 (SKILL.md)
GitHub Actions Run Gap Audit
Use this skill to detect workflow groups that have gone unexpectedly quiet (stale triggers, broken schedules, disabled automation, branch drift).
What this skill does
- Reads GitHub Actions run JSON exports
- Groups by repository + workflow + branch + event
- Computes historical cadence (median and p90 interval hours)
- Compares latest inactivity gap vs historical cadence
- Scores risk severity (
ok,warn,critical) - Emits text or JSON for CI checks and automation guardrails
Inputs
Optional:
RUN_GLOB(default:artifacts/github-actions/*.json)TOP_N(default:20)OUTPUT_FORMAT(textorjson, default:text)MIN_RUNS(default:4)WARN_GAP_MULTIPLIER(default:2.0)CRITICAL_GAP_MULTIPLIER(default:3.5)MIN_WARN_GAP_HOURS(default:12)MIN_CRITICAL_GAP_HOURS(default:24)WORKFLOW_MATCH(regex, optional)WORKFLOW_EXCLUDE(regex, optional)BRANCH_MATCH(regex, optional)BRANCH_EXCLUDE(regex, optional)EVENT_MATCH(regex, optional)EVENT_EXCLUDE(regex, optional)REPO_MATCH(regex, optional)REPO_EXCLUDE(regex, optional)RUN_ID_MATCH(regex, optional)RUN_ID_EXCLUDE(regex, optional)RUN_URL_MATCH(regex, optional)RUN_URL_EXCLUDE(regex, optional)NOW_ISO(optional fixed evaluation time for deterministic CI tests)FAIL_ON_CRITICAL(0or1, default:0)
Collect run JSON
gh run view \x3Crun-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
> artifacts/github-actions/run-\x3Crun-id>.json
Run
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=5 \
WARN_GAP_MULTIPLIER=2.25 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
JSON output with fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Targeted run-scope triage:
RUN_GLOB='artifacts/github-actions/*.json' \
RUN_ID_MATCH='^(88|89)' \
RUN_URL_EXCLUDE='rerun' \
OUTPUT_FORMAT=json \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Run with bundled fixtures:
RUN_GLOB='skills/github-actions-run-gap-audit/fixtures/*.json' \
NOW_ISO='2026-03-07T00:00:00Z' \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh
Output contract
- Exit
0in report mode (default) - Exit
1whenFAIL_ON_CRITICAL=1and one or more groups are critical - Text mode prints summary + ranked stale workflow groups
- JSON mode prints summary + ranked groups + critical group details
安全使用建议
This skill is coherent and appears to do only local analysis of exported GitHub Actions run JSON files. Before installing/using it: (1) confirm you have bash and python3 available; (2) if you plan to follow the SKILL.md example that uses 'gh run view', make sure you have the GitHub CLI installed and authenticated — the script itself does not call 'gh' and 'gh' is not declared as a required binary; (3) run the audit against the included fixtures first (RUN_GLOB pointing to skills/.../fixtures/*.json) to validate behavior; (4) avoid pointing RUN_GLOB at directories containing unrelated or sensitive JSON files — the script will parse any matched files; and (5) review the script yourself if you have stricter security requirements, though no obfuscated code, network endpoints, or credential exfiltration were found in the provided files.
功能分析
Type: OpenClaw Skill
Name: github-actions-run-gap-audit
Version: 1.1.0
The skill is a legitimate utility designed to audit GitHub Actions workflow history for inactivity gaps. It processes local JSON files using standard Python libraries (glob, json, re, statistics) to calculate historical run cadences and identify stale workflows. No indicators of data exfiltration, malicious execution, or prompt injection were found in scripts/run-gap-audit.sh or SKILL.md.
能力评估
Purpose & Capability
The skill's name/description (detecting stale GitHub Actions runs) matches what the bundled script and fixtures do: parse run JSON files, compute cadence statistics, and emit a report. One minor inconsistency: SKILL.md shows using the 'gh' CLI to export runs (gh run view ...) but 'gh' is not listed among required binaries. Either the user must supply those exports themselves (which is reasonable) or the skill should declare 'gh' as a required binary if it expects to invoke it.
Instruction Scope
SKILL.md and scripts instruct the agent/user to read local JSON files (RUN_GLOB) and run the audit; the Python code only parses files, computes statistics, and prints text/JSON. There are no commands or instructions to read unrelated system files, call external servers, or exfiltrate data. The examples do show using 'gh' to collect data, which involves network access when the user runs that step, but that is external to the audit script itself.
Install Mechanism
There is no install spec (instruction-only plus an included script). Nothing is downloaded or executed from external URLs during install. The runtime requires bash and python3 (declared), which are proportionate for running the included script.
Credentials
The skill requires no credentials or config paths. It accepts many optional environment inputs (globs, regex filters, numeric thresholds) which are reasonable for a configurable audit tool; none are named like SECRET/TOKEN or otherwise request sensitive credentials.
Persistence & Privilege
always is false and the skill does not request persistent system-level presence or modify other skills. It does not attempt to enable itself or write persistent credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install github-actions-run-gap-audit - 安装完成后,直接呼叫该 Skill 的名称或使用
/github-actions-run-gap-audit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Add run-scope regex filters (RUN_ID_MATCH/EXCLUDE, RUN_URL_MATCH/EXCLUDE) for targeted cadence triage.
v1.0.0
Initial release of github-actions-run-gap-audit skill.
- Detects GitHub Actions workflow groups with unusual inactivity based on historical run cadences.
- Groups runs by repository, workflow, branch, and event for analysis.
- Computes and compares inactivity gaps to historical medians to score risk (`ok`, `warn`, `critical`).
- Supports customizable thresholds, filters, and output formats (text or JSON).
- Exit codes allow for CI/automation enforcement based on findings.
元数据
常见问题
GitHub Actions Run Gap Audit 是什么?
Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 265 次。
如何安装 GitHub Actions Run Gap Audit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-actions-run-gap-audit」即可一键安装,无需额外配置。
GitHub Actions Run Gap Audit 是免费的吗?
是的,GitHub Actions Run Gap Audit 完全免费(开源免费),可自由下载、安装和使用。
GitHub Actions Run Gap Audit 支持哪些平台?
GitHub Actions Run Gap Audit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 GitHub Actions Run Gap Audit?
由 Daniel Lummis(@daniellummis)开发并维护,当前版本 v1.1.0。
推荐 Skills