GitHub Actions Artifact Budget Audit

v1.0.0

Audit GitHub Actions artifact storage usage from JSON exports so bloated artifacts are flagged before they inflate CI cost.

by Daniel Lummis (@daniellummis)
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md examples, fixtures, and the script all focus on reading local artifact JSON files, grouping by repo/artifact, and reporting size/expiry. Required binaries (bash, python3) are appropriate and nothing unrelated is requested.
Instruction Scope
Runtime instructions only direct the agent/user to gather gh API JSON exports (optional) and run the bundled script with environment flags. The script only reads files, parses JSON, aggregates stats, and prints JSON/text; it does not download artifact archives or call external endpoints.
Install Mechanism
No install spec (instruction-only with a bundled script). No remote downloads or packages are installed by the skill itself.
Credentials
The skill requires no environment variables or credentials. The SKILL.md suggests using 'gh api' to produce JSON exports, which may require GitHub auth when the user runs that step, but the skill itself does not request tokens or access unrelated secrets.
Persistence & Privilege
Flags show normal defaults (not always:true). The skill does not claim or perform any persistent changes to agent/system configuration and requests no elevated privileges.
Assessment
This skill appears coherent and limited to parsing local GitHub artifact JSON exports and reporting oversized/stale artifacts. Before running: (1) Inspect the bundled script (already provided) yourself or run it in an isolated environment if you have any doubts. (2) If you use the 'gh api' command to collect JSON, that step may require GitHub authentication (use the minimum-scoped token or an authenticated gh session). (3) The script records archive_download_url strings but does not fetch them; do not pass it JSON containing secrets or untrusted data. If you need absolute assurance, run the script on copies of your artifact JSON files inside a disposable container.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: bash, python3
MIT-0

GitHub Actions Artifact Budget Audit

Use this skill to detect oversized or stale GitHub Actions artifacts across repositories.

What this skill does

  • Reads one or more GitHub artifact JSON exports (gh api output)
  • Calculates artifact size in MB and totals by repository + artifact name
  • Flags warn/critical artifacts by configurable size thresholds
  • Highlights soon-to-expire artifact volume to prioritize cleanup
  • Supports text and JSON output for terminal or dashboards

Inputs

Optional:

  • ARTIFACT_GLOB (default: artifacts/github-actions-artifacts/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • WARN_MB (default: 250)
  • CRITICAL_MB (default: 750)
  • SOON_EXPIRES_DAYS (default: 7)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • ARTIFACT_MATCH (regex, optional)
  • ARTIFACT_EXCLUDE (regex, optional)

Collect artifact JSON

Single repository:

gh api repos/<owner>/<repo>/actions/artifacts --paginate \
  > artifacts/github-actions-artifacts/<owner>-<repo>.json

Combined multi-repo payloads are also supported as long as each file includes an artifacts array.

Run

Text report:

ARTIFACT_GLOB='artifacts/github-actions-artifacts/*.json' \
WARN_MB=300 \
CRITICAL_MB=900 \
bash skills/github-actions-artifact-budget-audit/scripts/artifact-budget-audit.sh

JSON output for automation:

ARTIFACT_GLOB='artifacts/github-actions-artifacts/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-artifact-budget-audit/scripts/artifact-budget-audit.sh

Filter to one repo and artifact family:

ARTIFACT_GLOB='artifacts/github-actions-artifacts/*.json' \
REPO_MATCH='^flowcreatebot/' \
ARTIFACT_MATCH='(test-results|coverage)' \
bash skills/github-actions-artifact-budget-audit/scripts/artifact-budget-audit.sh

Run with bundled fixtures:

ARTIFACT_GLOB='skills/github-actions-artifact-budget-audit/fixtures/*.json' \
bash skills/github-actions-artifact-budget-audit/scripts/artifact-budget-audit.sh

Output contract

  • Exit 0 in reporting mode (default)
  • Exit 1 if FAIL_ON_CRITICAL=1 and at least one artifact is at/above CRITICAL_MB
  • In text mode: prints summary and top oversized artifact groups
  • In json mode: prints summary, grouped artifact stats, and critical artifact instances
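
The grouping, threshold and exit-code rules described above, as an added Python sketch; it is not the bundled artifact-budget-audit.sh. It assumes the size_in_bytes, expires_at, expired and url fields of GitHub REST API artifact objects, and all function names are hypothetical. It also accepts a file holding several JSON documents back to back, which is how gh api --paginate prints multi-page object responses.

```python
import json, re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

MB = 1024 * 1024  # assumption: 1 MB = 2**20 bytes; the page does not define it
LEVELS = ("ok", "warn", "critical")

def iter_artifacts(text):
    """Yield artifacts from one export; tolerates several JSON documents back to back."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        doc, pos = decoder.raw_decode(text, pos)
        for page in doc if isinstance(doc, list) else [doc]:
            yield from page.get("artifacts", [])

def repo_of(artifact):
    # Assumption: owner/repo is recovered from the artifact's API "url" field.
    m = re.search(r"/repos/([^/]+/[^/]+)/actions/", artifact.get("url", ""))
    return m.group(1) if m else "unknown"

def audit(exports, warn_mb=250, critical_mb=750, soon_days=7, now=None):
    """Group by (repo, artifact name); assumes warn_mb <= critical_mb."""
    now = now or datetime.now(timezone.utc)
    groups = defaultdict(lambda: {"count": 0, "total_mb": 0.0, "soon_mb": 0.0, "level": "ok"})
    critical_ids = []
    for text in exports:
        for a in iter_artifacts(text):
            size_mb = a.get("size_in_bytes", 0) / MB
            level = LEVELS[(size_mb >= warn_mb) + (size_mb >= critical_mb)]
            g = groups[(repo_of(a), a.get("name", "?"))]
            g["count"] += 1
            g["total_mb"] += size_mb
            g["level"] = max(g["level"], level, key=LEVELS.index)
            expires = a.get("expires_at")
            if expires and not a.get("expired"):
                when = datetime.fromisoformat(expires.replace("Z", "+00:00"))
                if now <= when <= now + timedelta(days=soon_days):
                    g["soon_mb"] += size_mb  # live volume expiring within the window
            if level == "critical":
                critical_ids.append(a.get("id"))
    return {"groups": dict(groups), "critical_ids": critical_ids}

def exit_code(report, fail_on_critical=False):
    return 1 if fail_on_critical and report["critical_ids"] else 0

# Constructed sample: one export file holding two pages back to back.
SAMPLE = ('{"artifacts":[{"id":1,"name":"coverage","size_in_bytes":838860800,"expired":false,"expires_at":"2024-01-05T00:00:00Z","url":"https://api.github.com/repos/example-org/app/actions/artifacts/1"}]}\n'
          '{"artifacts":[{"id":2,"name":"test-results","size_in_bytes":314572800,"expired":false,"expires_at":"2024-03-01T00:00:00Z","url":"https://api.github.com/repos/example-org/app/actions/artifacts/2"}]}')
```

Calling audit([SAMPLE], now=...) with a fixed timestamp keeps the soon-to-expire figures reproducible.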
