GitHub Actions Trigger Health Audit
Author: Daniel Lummis · GitHub · v1.0.0
Total downloads: 352
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw: /install github-actions-trigger-health-audit
Description
Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize.
Usage (SKILL.md)
GitHub Actions Trigger Health Audit
Use this skill to find which GitHub Actions trigger events are driving the highest failure rates.
What this skill does
- Reads one or more GitHub Actions run JSON exports
- Groups runs by repository + event + workflow
- Calculates failure/cancel/timeout rates and average runtime
- Flags warning/critical hotspots based on configurable failure-rate thresholds
- Supports regex include/exclude filters for repo, workflow, and event
- Emits text or JSON output for dashboards and automation gates
Inputs
Optional:
- RUN_GLOB (default: artifacts/github-actions/*.json)
- TOP_N (default: 20)
- OUTPUT_FORMAT (text or json, default: text)
- MIN_RUNS (default: 2) — skip low-sample groups
- FAIL_WARN_PERCENT (default: 20)
- FAIL_CRITICAL_PERCENT (default: 40)
- FAIL_ON_CRITICAL (0 or 1, default: 0)
- WORKFLOW_MATCH (regex, optional)
- WORKFLOW_EXCLUDE (regex, optional)
- EVENT_MATCH (regex, optional)
- EVENT_EXCLUDE (regex, optional)
- REPO_MATCH (regex, optional)
- REPO_EXCLUDE (regex, optional)
Collect run JSON
gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json
Run
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=3 \
FAIL_WARN_PERCENT=25 \
FAIL_CRITICAL_PERCENT=50 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
JSON output with fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
Run with bundled fixtures:
RUN_GLOB='skills/github-actions-trigger-health-audit/fixtures/*.json' \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
Output contract
- Exit 0 in report mode (default)
- Exit 1 when FAIL_ON_CRITICAL=1 and any group meets the critical threshold
- Text mode prints summary + ranked trigger health hotspots
- JSON mode prints summary + grouped metrics + critical group details
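The grouping and threshold logic the SKILL.md describes, written out as an added example; this is not the skill's own trigger-health-audit.sh. It groups run records by repository + event + workflow, computes failure/cancel/timeout rates and average runtime from startedAt/updatedAt, skips groups below MIN_RUNS, and classifies each group against the warning/critical percentages. The sample records are constructed; the shape of the `repository` field (an object carrying nameWithOwner) is an assumption, so repo_name() also accepts a plain string.

```python
"""Added example, not the skill's own script: aggregate GitHub Actions run
records by repo + event + workflow and flag warning/critical hotspots."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records shaped like the fields requested via
# `gh run view --json ...`. The `repository` object shape is an assumption.
SAMPLE_RUNS = [
    {"repository": {"nameWithOwner": "acme/api"}, "event": "pull_request",
     "workflowName": "CI", "conclusion": "failure",
     "startedAt": "2024-05-01T10:00:00Z", "updatedAt": "2024-05-01T10:05:00Z"},
    {"repository": {"nameWithOwner": "acme/api"}, "event": "pull_request",
     "workflowName": "CI", "conclusion": "failure",
     "startedAt": "2024-05-01T11:00:00Z", "updatedAt": "2024-05-01T11:05:00Z"},
    {"repository": {"nameWithOwner": "acme/api"}, "event": "pull_request",
     "workflowName": "CI", "conclusion": "success",
     "startedAt": "2024-05-01T12:00:00Z", "updatedAt": "2024-05-01T12:05:00Z"},
    {"repository": {"nameWithOwner": "acme/api"}, "event": "pull_request",
     "workflowName": "CI", "conclusion": "cancelled",
     "startedAt": "2024-05-01T13:00:00Z", "updatedAt": "2024-05-01T13:05:00Z"},
    {"repository": "acme/api", "event": "push", "workflowName": "CI",
     "conclusion": "success",
     "startedAt": "2024-05-01T14:00:00Z", "updatedAt": "2024-05-01T14:02:00Z"},
    {"repository": "acme/api", "event": "push", "workflowName": "CI",
     "conclusion": "success",
     "startedAt": "2024-05-01T15:00:00Z", "updatedAt": "2024-05-01T15:04:00Z"},
    {"repository": "acme/api", "event": "schedule", "workflowName": "Nightly",
     "conclusion": "timed_out",
     "startedAt": "2024-05-02T02:00:00Z", "updatedAt": "2024-05-02T08:00:00Z"},
]


def repo_name(run):
    """Accept either a repository object (assumed nameWithOwner) or a string."""
    repo = run.get("repository", "")
    if isinstance(repo, dict):
        return repo.get("nameWithOwner") or repo.get("name", "")
    return str(repo)


def runtime_seconds(run):
    """Wall-clock runtime from startedAt to updatedAt; None if unavailable."""
    try:
        start = datetime.fromisoformat(run["startedAt"].replace("Z", "+00:00"))
        end = datetime.fromisoformat(run["updatedAt"].replace("Z", "+00:00"))
    except (KeyError, ValueError):
        return None
    return (end - start).total_seconds()


def classify(fail_pct, warn_pct, crit_pct):
    """Map a failure percentage onto ok / warning / critical."""
    if fail_pct >= crit_pct:
        return "critical"
    if fail_pct >= warn_pct:
        return "warning"
    return "ok"


def aggregate(runs, min_runs=2, warn_pct=20.0, crit_pct=40.0):
    """Group runs by (repo, event, workflow); return per-group metrics
    sorted worst-first. Groups with fewer than min_runs runs are skipped."""
    groups = defaultdict(list)
    for run in runs:
        key = (repo_name(run), run.get("event", ""), run.get("workflowName", ""))
        groups[key].append(run)

    report = []
    for (repo, event, workflow), members in groups.items():
        total = len(members)
        if total < min_runs:
            continue
        conclusions = [m.get("conclusion") for m in members]
        fails = conclusions.count("failure")
        cancels = conclusions.count("cancelled")
        timeouts = conclusions.count("timed_out")
        durations = [d for d in (runtime_seconds(m) for m in members) if d is not None]
        fail_pct = 100.0 * fails / total
        report.append({
            "repo": repo, "event": event, "workflow": workflow, "runs": total,
            "fail_pct": fail_pct,
            "cancel_pct": 100.0 * cancels / total,
            "timeout_pct": 100.0 * timeouts / total,
            "avg_runtime_s": sum(durations) / len(durations) if durations else None,
            "level": classify(fail_pct, warn_pct, crit_pct),
        })
    report.sort(key=lambda g: (-g["fail_pct"], -g["runs"], g["repo"], g["event"]))
    return report


def has_critical(report):
    """True if any group is at or above the critical threshold (the fail gate)."""
    return any(g["level"] == "critical" for g in report)


if __name__ == "__main__":
    result = aggregate(SAMPLE_RUNS)
    for g in result:
        print(f"{g['level']:8} {g['repo']} {g['event']} {g['workflow']}: "
              f"{g['runs']} runs, fail {g['fail_pct']:.0f}%")
    raise SystemExit(1 if has_critical(result) else 0)
```

With the default thresholds the pull_request/CI group (2 failures in 4 runs, 50%) is critical, the push/CI group is ok, and the single Nightly timeout is dropped by MIN_RUNS=2; the exit status mirrors the skill's FAIL_ON_CRITICAL=1 contract.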
Safe usage recommendations
This skill appears to do what it claims: aggregate GitHub Actions run JSON files and report failure rates. Before running it: (1) verify the JSON files you point RUN_GLOB at are the intended artifacts (do not point it at / or system config directories), (2) run against the bundled fixtures first to confirm behavior, (3) if you plan to collect runs via the 'gh' CLI, install and use gh yourself — the skill does not declare it as a required binary, so the SKILL.md example is informational, (4) review the script if you need to be extra cautious; it reads files and prints results but does not exfiltrate data or make network requests. If you want stricter safety, run the script in a sandbox or CI job with limited file access.
Functional analysis
Type: OpenClaw Skill
Name: github-actions-trigger-health-audit
Version: 1.0.0
The skill audits GitHub Actions run health by parsing local JSON files, but it contains vulnerabilities that grant broad system access. Specifically, the `RUN_GLOB` environment variable is passed unsanitized to Python's `glob.glob(recursive=True)` in `scripts/trigger-health-audit.sh`, allowing the agent to read any JSON file on the filesystem. Additionally, multiple inputs (e.g., `WORKFLOW_MATCH`, `REPO_MATCH`) are passed directly to `re.compile()`, posing a Regular Expression Denial of Service (ReDoS) risk. While these capabilities are plausibly needed for the stated purpose, the lack of input sanitization and the resulting broad file access meet the criteria for a suspicious classification.
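The two input checks this analysis points at, as an added example that is not part of the skill: resolve_run_files() expands RUN_GLOB the same way (recursive glob) but keeps only regular .json files whose real path lies under an artifact root, and compile_filter() bounds a regex filter's length and rejects the nested-quantifier shape before it reaches re.compile(). The artifact root, the length limit and the nested-quantifier heuristic are assumptions chosen for the example; the heuristic is not a complete ReDoS detector.

```python
"""Added example, not part of the skill: confine RUN_GLOB to an artifact
root and bound the regex filters before compiling them."""
import glob
import os
import re

MAX_PATTERN_LEN = 256  # assumed limit for filter patterns
# Heuristic (assumption): a quantified group that is itself quantified,
# e.g. (a+)+ or (\w*)*, is the classic catastrophic-backtracking shape.
NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)\s*[+*{]")


def resolve_run_files(run_glob, allowed_root):
    """Expand run_glob recursively like the script does, but keep only
    regular .json files whose real path is inside allowed_root."""
    root = os.path.realpath(allowed_root)
    kept = []
    for path in sorted(glob.glob(run_glob, recursive=True)):
        real = os.path.realpath(path)  # resolves symlinks and ".." segments
        inside = real == root or real.startswith(root + os.sep)
        if inside and os.path.isfile(real) and real.endswith(".json"):
            kept.append(real)
    return kept


def compile_filter(pattern):
    """Compile an optional filter such as WORKFLOW_MATCH; None if unset.
    Raises ValueError for over-long, backtracking-prone or invalid patterns."""
    if pattern is None or pattern == "":
        return None
    if len(pattern) > MAX_PATTERN_LEN:
        raise ValueError(f"filter pattern longer than {MAX_PATTERN_LEN} chars")
    if NESTED_QUANTIFIER.search(pattern):
        raise ValueError("filter pattern contains a nested quantifier")
    try:
        return re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid filter pattern: {exc}") from None


def keep_run(run, workflow_match=None, workflow_exclude=None):
    """Apply WORKFLOW_MATCH / WORKFLOW_EXCLUDE semantics to one run record."""
    name = run.get("workflowName", "")
    if workflow_match and not workflow_match.search(name):
        return False
    if workflow_exclude and workflow_exclude.search(name):
        return False
    return True


if __name__ == "__main__":
    # ARTIFACT_ROOT is an assumed variable for this example, not a skill input.
    root = os.environ.get("ARTIFACT_ROOT", "artifacts/github-actions")
    pattern = os.environ.get("RUN_GLOB", os.path.join(root, "*.json"))
    files = resolve_run_files(pattern, root)
    print(f"{len(files)} run file(s) inside {root}")
    wf = compile_filter(os.environ.get("WORKFLOW_MATCH"))
    print("workflow filter:", wf.pattern if wf else "(none)")
```

A glob such as /etc/*.json still expands, but every match outside the root is discarded rather than opened, which is the check the recommendation above asks the user to perform by hand.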
Capability assessment
Purpose & Capability
The skill analyzes local GitHub Actions run JSON exports and produces text/JSON reports — which aligns with the name/description. SKILL.md shows using the 'gh' CLI to fetch run JSONs, but the declared required binaries list only bash and python3; 'gh' is not declared. This is a small documentation/metadata mismatch but not indicative of hidden behavior.
Instruction Scope
Runtime instructions and the included script operate on local JSON files matched by RUN_GLOB, parse fields, aggregate metrics, and print results. They do not attempt network calls, secrets access, or modification of other system/config files. Example use of 'gh run view' is provided for collecting artifacts, but that is user-invoked and not executed by the skill.
Install Mechanism
This is instruction-only with a bundled script; there is no install spec or remote downloads. No archives or external install sources are fetched, so installation risk is minimal.
Credentials
The skill requests no credentials or config paths and only uses optional environment variables for behavior (RUN_GLOB, filters, thresholds). One caution: RUN_GLOB controls which files are read — if a user supplies a glob that points to sensitive system files, the script will attempt to open them. That is a functional capability (it needs to read JSON files) but requires the user to ensure the glob only targets trusted artifact files.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and does not persist credentials. It exits normally and only reads files provided by the user.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install github-actions-trigger-health-audit
- After installation, invoke the Skill by name directly or trigger it with /github-actions-trigger-health-audit
- Provide the required inputs as described in the Skill's parameter documentation to receive structured output
Version history
v1.0.0
Initial release of GitHub Actions Trigger Health Audit.
- Audits GitHub Actions runs, grouping by repository, event, and workflow.
- Calculates failure, cancel, and timeout rates, plus average runtime.
- Flags warning and critical hotspots based on configurable thresholds.
- Supports include/exclude regex filters for repo, workflow, and event.
- Offers text and JSON output for dashboards and automation gating.
- Customizable thresholds and fail conditions for automation integration.
FAQ
What is GitHub Actions Trigger Health Audit?
Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 352 downloads to date.
How do I install GitHub Actions Trigger Health Audit?
Run the command "/install github-actions-trigger-health-audit" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is GitHub Actions Trigger Health Audit free?
Yes, GitHub Actions Trigger Health Audit is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does GitHub Actions Trigger Health Audit support?
GitHub Actions Trigger Health Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed GitHub Actions Trigger Health Audit?
Developed and maintained by Daniel Lummis (@daniellummis); the current version is v1.0.0.