GitHub Actions Trigger Health Audit
v1.0.0
Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill analyzes local GitHub Actions run JSON exports and produces text/JSON reports — which aligns with the name/description. SKILL.md shows using the 'gh' CLI to fetch run JSONs, but the declared required binaries list only bash and python3; 'gh' is not declared. This is a small documentation/metadata mismatch but not indicative of hidden behavior.
Instruction Scope
Runtime instructions and the included script operate on local JSON files matched by RUN_GLOB, parse fields, aggregate metrics, and print results. They do not attempt network calls, secrets access, or modification of other system/config files. Example use of 'gh run view' is provided for collecting artifacts, but that is user-invoked and not executed by the skill.
Install Mechanism
This is instruction-only with a bundled script; there is no install spec or remote downloads. No archives or external install sources are fetched, so installation risk is minimal.
Credentials
The skill requests no credentials or config paths and only uses optional environment variables for behavior (RUN_GLOB, filters, thresholds). One caution: RUN_GLOB controls which files are read — if a user supplies a glob that points to sensitive system files, the script will attempt to open them. That is a functional capability (it needs to read JSON files) but requires the user to ensure the glob only targets trusted artifact files.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system-wide settings, and does not persist credentials. It exits normally and only reads files provided by the user.
Assessment
This skill appears to do what it claims: aggregate GitHub Actions run JSON files and report failure rates. Before running it: (1) verify the JSON files you point RUN_GLOB at are the intended artifacts (do not point it at / or system config directories), (2) run against the bundled fixtures first to confirm behavior, (3) if you plan to collect runs via the 'gh' CLI, install and use gh yourself — the skill does not declare it as a required binary, so the SKILL.md example is informational, (4) review the script if you need to be extra cautious; it reads files and prints results but does not exfiltrate data or make network requests. If you want stricter safety, run the script in a sandbox or CI job with limited file access.
Like a lobster shell, security has layers — review code before you run it.
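The RUN_GLOB caution under Credentials and step (1) of the Assessment can be enforced with a pre-flight check before the audit script is invoked. The following is an added example, not part of the skill or its bundled script; the function name safe_run_files and the allowed-root policy are assumptions, and all files are constructed in a temporary directory.

```python
import glob
import json
import os
import tempfile


def safe_run_files(run_glob, allowed_root):
    """Split RUN_GLOB matches into (accepted, rejected) paths.

    A match is accepted only if it is a regular .json file whose resolved
    path (symlinks and ".." followed) stays under allowed_root.
    """
    root = os.path.realpath(allowed_root)
    accepted, rejected = [], []
    for match in sorted(glob.glob(run_glob)):
        real = os.path.realpath(match)
        inside = os.path.commonpath([root, real]) == root
        if inside and os.path.isfile(real) and real.endswith(".json"):
            accepted.append(real)
        else:
            rejected.append(match)
    return accepted, rejected


def demo():
    """Constructed layout: one run export, one escaping symlink, one outside file."""
    with tempfile.TemporaryDirectory() as base:
        art = os.path.join(base, "artifacts", "github-actions")
        os.makedirs(art)
        outside = os.path.join(base, "secret.json")  # constructed, not a real secret
        samples = {
            os.path.join(art, "run-1.json"): {"event": "push", "conclusion": "failure"},
            outside: {"token": "constructed-placeholder"},
        }
        for path, doc in samples.items():
            with open(path, "w") as fh:
                json.dump(doc, fh)
        os.symlink(outside, os.path.join(art, "run-2.json"))

        def names(paths):
            return [os.path.basename(p) for p in paths]

        ok, bad = safe_run_files(os.path.join(art, "*.json"), art)
        _, escaped = safe_run_files(os.path.join(art, "..", "..", "*.json"), art)
        return names(ok), names(bad), names(escaped)


if __name__ == "__main__":
    print(demo())
```

A non-empty rejected list is a reason to stop and inspect the glob before handing it to the audit script.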
Runtime requirements
Bins: bash, python3
latest
GitHub Actions Trigger Health Audit
Use this skill to find which GitHub Actions trigger events are driving the highest failure rates.
What this skill does
- Reads one or more GitHub Actions run JSON exports
- Groups runs by repository + event + workflow
- Calculates failure/cancel/timeout rates and average runtime
- Flags warning/critical hotspots based on configurable failure-rate thresholds
- Supports regex include/exclude filters for repo, workflow, and event
- Emits text or JSON output for dashboards and automation gates
Inputs
Optional:
- RUN_GLOB (default: artifacts/github-actions/*.json)
- TOP_N (default: 20)
- OUTPUT_FORMAT (text or json, default: text)
- MIN_RUNS (default: 2) — skip low-sample groups
- FAIL_WARN_PERCENT (default: 20)
- FAIL_CRITICAL_PERCENT (default: 40)
- FAIL_ON_CRITICAL (0 or 1, default: 0)
- WORKFLOW_MATCH (regex, optional)
- WORKFLOW_EXCLUDE (regex, optional)
- EVENT_MATCH (regex, optional)
- EVENT_EXCLUDE (regex, optional)
- REPO_MATCH (regex, optional)
- REPO_EXCLUDE (regex, optional)
Collect run JSON
gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
> artifacts/github-actions/run-<run-id>.json
Run
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=3 \
FAIL_WARN_PERCENT=25 \
FAIL_CRITICAL_PERCENT=50 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
JSON output with fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
Run with bundled fixtures:
RUN_GLOB='skills/github-actions-trigger-health-audit/fixtures/*.json' \
bash skills/github-actions-trigger-health-audit/scripts/trigger-health-audit.sh
Output contract
- Exit 0 in report mode (default)
- Exit 1 when FAIL_ON_CRITICAL=1 and any group meets critical threshold
- Text mode prints summary + ranked trigger health hotspots
- JSON mode prints summary + grouped metrics + critical group details
