GitHub Actions Failure Owner Audit

v1.2.0

Audit failing GitHub Actions runs by actor ownership to expose which actor/workflow combinations generate the most CI noise and wasted minutes.

by Daniel Lummis (@daniellummis)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-failure-owner-audit.

Install the skill "GitHub Actions Failure Owner Audit" (daniellummis/github-actions-failure-owner-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-failure-owner-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install github-actions-failure-owner-audit

ClawHub CLI

npx clawhub@latest install github-actions-failure-owner-audit
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name and description describe auditing GitHub Actions run JSONs; the skill only requires bash and python3 to parse local JSON exports and an optional owner-map file. Nothing in the files requests unrelated cloud credentials or services.
Instruction Scope
SKILL.md and the script consistently instruct collecting GitHub Actions run JSONs (via gh api or local exports) and then running the bundled script. The script reads files matched by RUN_GLOB and an optional OWNER_MAP_FILE and applies regex filters — all behavior is consistent with the stated audit purpose. Note: RUN_GLOB/OWNER_MAP_FILE are user-controllable, so the tool will read any files the user points it at (expected for a file-processing tool).
Install Mechanism
No install spec; skill is instruction-only with an included script. This is low-risk: nothing is downloaded or written during install.
Credentials
No required environment variables or credentials are declared. The script uses user-provided environment variables (RUN_GLOB, OWNER_MAP_FILE, filters) appropriate for configuring a local audit. It does not attempt to read other environment variables or secret files.
Persistence & Privilege
The skill is not always-enabled and does not request permanent presence or modify other skills or system-wide configs. It runs only when invoked by the user/agent.
Assessment
This skill appears to do what it says: parse GitHub Actions run JSON exports and report owner/actor hotspots. Before running:

  1) Export runs yourself via 'gh api' (which will use your existing gh auth) rather than pointing RUN_GLOB at unexpected locations.
  2) Confirm RUN_GLOB and OWNER_MAP_FILE point only to intended JSON files (the script will read any path you provide).
  3) Review the included scripts if you need to ensure no local-sensitive paths are referenced in your environment.
  4) Try with the provided fixtures first to verify output and behavior (the README shows this).

If you need autonomous agent invocation, consider the risks of letting an agent run file-processing tools without restrictions, but the skill itself does not request extra credentials or network exfiltration.
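
One way to carry out the RUN_GLOB check from the assessment before invoking the script, as an added example that is not part of the skill or the scan report. The function name `vet_run_glob`, the allowed-root policy and the directory tree built in `demo` are assumptions made for illustration.

```python
import glob
import os
import tempfile

def vet_run_glob(run_glob, allowed_root):
    """Split glob matches into (accepted, rejected) before an audit reads them.

    A match is accepted only if its fully resolved path stays under
    allowed_root and it is a regular file.
    """
    root = os.path.realpath(allowed_root)
    accepted, rejected = [], []
    for path in sorted(glob.glob(run_glob)):
        real = os.path.realpath(path)  # resolves symlinks and ../ segments
        if os.path.commonpath([root, real]) != root:
            rejected.append((path, "outside allowed root"))
        elif not os.path.isfile(real):
            rejected.append((path, "not a regular file"))
        else:
            accepted.append(path)
    return accepted, rejected

def demo():
    """Vet a glob against a constructed directory tree (temporary, offline)."""
    base = tempfile.mkdtemp()
    runs = os.path.join(base, "artifacts", "github-actions-runs")
    os.makedirs(os.path.join(runs, "dir.json"))  # a directory that matches *.json
    with open(os.path.join(runs, "good.json"), "w") as fh:
        fh.write('{"workflow_runs": []}')
    outside = os.path.join(base, "unrelated.json")
    with open(outside, "w") as fh:
        fh.write("{}")
    os.symlink(outside, os.path.join(runs, "link.json"))  # resolves outside runs/
    ok, bad = vet_run_glob(os.path.join(runs, "*.json"), runs)
    name = os.path.basename
    return [name(p) for p in ok], [(name(p), why) for p, why in bad]

if __name__ == "__main__":
    accepted, rejected = demo()
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The same function can vet OWNER_MAP_FILE, since a literal path is a glob that matches at most one file.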

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: bash, python3
latest: vk971v8tdpdhwcks3ckh5xxg2kx82fx8z
303 downloads
0 stars
3 versions
Updated 1mo ago
v1.2.0
MIT-0

GitHub Actions Failure Owner Audit

Use this skill to attribute GitHub Actions failures to owners (actors) so teams can route CI stabilization work by impact instead of guesswork.

What this skill does

  • Reads one or more GitHub Actions run JSON exports (gh api output or per-run JSON files)
  • Focuses on failure-like conclusions by default (failure, cancelled, timed_out, action_required, startup_failure)
  • Groups by repository + actor (or repository + actor + workflow)
  • Scores hotspots by failed run counts and total failed runtime minutes
  • Supports text and JSON output for triage meetings and automation

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions-runs/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • GROUP_BY (actor, actor-workflow, owner, or owner-workflow, default: actor)
  • OWNER_MAP_FILE (optional JSON mapping file to map actor regex → owner/team)
  • WARN_FAILURE_RUNS (default: 3)
  • CRITICAL_FAILURE_RUNS (default: 6)
  • WARN_FAILURE_MINUTES (default: 30)
  • CRITICAL_FAILURE_MINUTES (default: 90)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • REPO_MATCH / REPO_EXCLUDE (regex, optional)
  • WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)
  • BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)
  • ACTOR_MATCH / ACTOR_EXCLUDE (regex, optional)
  • CONCLUSION_MATCH / CONCLUSION_EXCLUDE (regex, optional)

Collect run JSON

Single repository paginated export:

gh api repos/<owner>/<repo>/actions/runs --paginate \
  > artifacts/github-actions-runs/<owner>-<repo>.json

Run

Default ownership triage:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Workflow-scoped ownership triage with stricter thresholds:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='actor-workflow' \
WARN_FAILURE_RUNS=2 \
CRITICAL_FAILURE_RUNS=4 \
WARN_FAILURE_MINUTES=20 \
CRITICAL_FAILURE_MINUTES=60 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

JSON output for dashboards/alerts:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
OUTPUT_FORMAT='json' \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Filter to a repo and release branches only:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
REPO_MATCH='^flowcreatebot/' \
BRANCH_MATCH='^(main|release/)' \
ACTOR_EXCLUDE='(dependabot|renovate)' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-failure-owner-audit/fixtures/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Owner/team mapping (first matching regex wins):

{
  "^dependabot\\[bot]$": "automation",
  "^renovate\\[bot]$": "automation",
  "^alice$": "platform"
}

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='owner-workflow' \
OWNER_MAP_FILE='skills/github-actions-failure-owner-audit/examples/owner-map.sample.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh
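
A sketch of the owner-workflow grouping described on this page, with first-match owner mapping and the default warn/critical thresholds. This is an added example, not the skill's own script. It assumes the GitHub workflow-run fields `conclusion`, `actor.login`, `repository.full_name`, `name`, `run_started_at` and `updated_at`, that runtime is `updated_at` minus `run_started_at`, and that crossing either threshold sets the severity; the sample runs are constructed.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

# Failure-like conclusions listed under "What this skill does".
FAILURE_LIKE = {"failure", "cancelled", "timed_out", "action_required", "startup_failure"}
TS = "%Y-%m-%dT%H:%M:%SZ"

def resolve_owner(actor, owner_map):
    """First regex in file order that matches wins (dicts keep JSON key order)."""
    for pattern, owner in owner_map.items():
        if re.search(pattern, actor):
            return owner
    return actor  # assumption: unmapped actors are reported under their login

def failed_minutes(run):
    """Assumed runtime: updated_at minus run_started_at, floored at zero."""
    stamps = [datetime.strptime(run[k], TS) for k in ("run_started_at", "updated_at")]
    return max((stamps[1] - stamps[0]).total_seconds(), 0) / 60

def audit(runs, owner_map, warn=(3, 30), critical=(6, 90)):
    """Group failure-like runs by (repo, owner, workflow) and grade each group."""
    groups = defaultdict(lambda: {"runs": 0, "minutes": 0.0})
    for run in runs:
        if run.get("conclusion") in FAILURE_LIKE:
            owner = resolve_owner(run["actor"]["login"], owner_map)
            group = groups[(run["repository"]["full_name"], owner, run["name"])]
            group["runs"] += 1
            group["minutes"] += failed_minutes(run)
    for group in groups.values():
        # Assumption: crossing either the run-count or the minutes limit is enough.
        hits = [label for label, (n, m) in (("critical", critical), ("warn", warn))
                if group["runs"] >= n or group["minutes"] >= m]
        group["severity"] = hits[0] if hits else "ok"
    return dict(groups)

# Constructed sample data, not real run exports.
OWNER_MAP = json.loads(r'{"^dependabot\\[bot]$": "automation", "^alice$": "platform"}')
def sample_run(actor, conclusion, start, end):
    return {"repository": {"full_name": "example/repo"}, "actor": {"login": actor},
            "name": "ci", "conclusion": conclusion,
            "run_started_at": f"2024-01-01T{start}:00Z", "updated_at": f"2024-01-01T{end}:00Z"}
SAMPLE = [sample_run("alice", "failure", "10:00", "10:40"),
          sample_run("alice", "success", "11:00", "11:05"),
          sample_run("dependabot[bot]", "timed_out", "12:00", "13:35"),
          sample_run("bob", "cancelled", "14:00", "14:02")]

if __name__ == "__main__":
    print(audit(SAMPLE, OWNER_MAP))
```

Because the map patterns are anchored with `^` and `$`, an actor such as `malice` does not fall into the `^alice$` group; an unanchored pattern would attribute its failures to the wrong owner.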

Output contract

  • Exit 0 in reporting mode (default)
  • Exit 1 if FAIL_ON_CRITICAL=1 and at least one ownership group is critical
  • In text mode: prints summary and top ownership hotspots
  • In json mode: prints summary, top groups, all groups, and critical groups
