ClawHub

GitHub Actions Incident Timeline Audit

v1.0.0

Cluster failed GitHub Actions runs into incident windows by repo to expose outage duration, impact scope, and escalation severity.

0· 257·0 current·0 all-time
byDaniel Lummis@daniellummis

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-incident-timeline-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GitHub Actions Incident Timeline Audit" (daniellummis/github-actions-incident-timeline-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-incident-timeline-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-actions-incident-timeline-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-actions-incident-timeline-audit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script and SKILL.md: the script reads exported GitHub Actions run JSON files, groups failures into incidents, scores severity, and emits text/JSON. Required binaries (bash, python3) are appropriate. Minor note: SKILL.md shows an example using the 'gh' CLI to fetch run JSON, but 'gh' is not declared as a required binary — this is a documentation/example omission rather than a functional mismatch.
Instruction Scope
Runtime instructions and the script operate on local JSON files matched by RUN_GLOB and on CLI-provided parameters. The script does not perform network calls, read system-wide config, or access unrelated environment variables. It only parses files, computes clusters, and prints output. There is no evidence of data exfiltration or contacting external endpoints.
Install Mechanism
No install specification — instruction-only with a bundled script. Nothing is downloaded or written to system paths by an installer. Risk from installation is minimal.
Credentials
The skill requests no environment secrets or config paths. All behavioral controls are via optional environment variables (RUN_GLOB, thresholds, filters). No unexpected credentials or keys are required.
Persistence & Privilege
Skill does not request always: true and has no special persistence or privileged actions. It is user-invocable and can be run manually; autonomous invocation is allowed by platform default but is not combined with other red flags.
Assessment
This skill appears to do what it says: parse local GitHub Actions run JSON files and produce incident windows. Before running, ensure the RUN_GLOB path points only to intended JSON exports (so you don't accidentally parse unrelated files), and review any JSON fixtures you feed it (don't run over untrusted files). If you plan to collect run JSON via the 'gh' CLI as shown in the SKILL.md, install/verify 'gh' yourself (it's only an example and not required by the script). If you enable FAIL_ON_CRITICAL=1 be aware the script will exit non‑zero when critical incidents are found (useful for CI gates).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, python3
latestvk971jwr872s084n6scwngz97rn82eqnz
257downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Daniel Lummis@daniellummis
latest
Download

GitHub Actions Incident Timeline Audit

Use this skill to convert noisy failed run exports into incident windows you can triage quickly during CI reliability reviews.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Keeps only failed/cancelled/timed-out style outcomes
  • Groups failures by repository into incident windows using a configurable gap threshold
  • Scores each incident using failed-run and duration thresholds
  • Emits text or JSON output for review docs, ops dashboards, and CI fail gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • INCIDENT_GAP_MINUTES (default: 45)
  • WARN_FAILED_RUNS (default: 2)
  • CRITICAL_FAILED_RUNS (default: 4)
  • WARN_DURATION_MINUTES (default: 20)
  • CRITICAL_DURATION_MINUTES (default: 60)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
INCIDENT_GAP_MINUTES=45 \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-incident-timeline-audit/fixtures/*.json' \
bash skills/github-actions-incident-timeline-audit/scripts/incident-timeline-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more incidents are critical
  • Text mode prints summary + ranked incident windows
  • JSON mode prints summary + incidents + critical incident details

Comments

Loading comments...