ClawHub

GitHub Actions Mainline Health Audit

v1.4.0

Audit GitHub Actions mainline branch reliability by scoring failure rate, consecutive failures, and stale-success risk for critical workflows.

0· 318·1 current·1 all-time
byDaniel Lummis@daniellummis

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-mainline-health-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GitHub Actions Mainline Health Audit" (daniellummis/github-actions-mainline-health-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-mainline-health-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-actions-mainline-health-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-actions-mainline-health-audit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: the script and SKILL.md both describe reading GitHub Actions run JSON files, filtering mainline branches, scoring failure/stale-success risk, and emitting text/JSON reports. One minor documentation gap: SKILL.md shows using the `gh` CLI to collect run JSON, but the declared required binaries list only bash and python3 (the script itself does not invoke `gh`).
Instruction Scope
Runtime instructions and the included script operate on local JSON files (RUN_GLOB) and environment-configurable filters; they do not instruct the agent to read unrelated system files, access secrets, or transmit data to external endpoints. The example `gh run view ... > artifacts/...` requires the user to run the GitHub CLI to produce input artifacts, but the skill itself only reads those local files.
Install Mechanism
Instruction-only skill with an included script; there is no install spec, no downloads, and nothing is written to disk by an installer. The script is executed directly by bash/python3, which is proportionate for this purpose.
Credentials
No required environment variables, credentials, or config paths are declared. The many optional environment variables documented are reasonable filters/thresholds for the audit and do not request secrets. Note: using `gh` to collect run JSON (per examples) requires GitHub CLI authentication in the user's environment, but that is external to the skill.
Persistence & Privilege
Skill does not request permanent presence (always=false) and does not modify other skills or system-wide agent settings. It runs on demand and only reads local files provided via RUN_GLOB.
Assessment
This skill appears to be an offline auditor that consumes GitHub Actions run JSON files and emits scores/reports. Things to consider before installing/using: (1) The SKILL.md examples show using the `gh` CLI to produce run JSON files — ensure you have the GitHub CLI and appropriate auth configured if you use that collection method (the skill itself does not request GitHub credentials). (2) Confirm the RUN_GLOB path only matches intended JSON files (avoid accidentally exposing sensitive data). (3) Review the script if you plan to run it in CI to ensure its exit behavior (FAIL_ON_CRITICAL) and output format meet your pipeline expectations. (4) There are no network calls or credential exfiltration in the included code, but always review any third-party skill’s files before running in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, python3
latestvk97887v06trp2kprevb8q5njjx82f1ht
318downloads
0stars
5versions
Updated 1mo ago
v1.4.0
MIT-0
Daniel Lummis@daniellummis
latest
Download

GitHub Actions Mainline Health Audit

Use this skill to detect unstable workflows on protected branches (main/master/release) before they silently degrade delivery confidence.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to mainline/protected branches (configurable regex)
  • Groups by repository + workflow + branch + event
  • Scores risk using:
    • failure rate
    • current consecutive failure streak
    • days since last successful run
  • Flags warning/critical groups based on configurable thresholds
  • Emits text or JSON output for CI checks and ops dashboards

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • MAINLINE_BRANCH_MATCH (default: ^(main|master|release.*)$)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • EVENT_MATCH (regex, optional)
  • EVENT_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • HEAD_SHA_MATCH (regex, optional)
  • HEAD_SHA_EXCLUDE (regex, optional)
  • CONCLUSION_MATCH (regex, optional)
  • CONCLUSION_EXCLUDE (regex, optional)
  • RUN_ID_MATCH (regex, optional)
  • RUN_ID_EXCLUDE (regex, optional)
  • RUN_URL_MATCH (regex, optional)
  • RUN_URL_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • STALE_SUCCESS_DAYS (default: 7)
  • WARN_SCORE (default: 30)
  • CRITICAL_SCORE (default: 55)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
MAINLINE_BRANCH_MATCH='^(main|release/.*)$' \
HEAD_SHA_MATCH='^[a-f0-9]{7,40}$' \
CONCLUSION_EXCLUDE='^(success)$' \
RUN_ID_MATCH='^50(0[1-5])$' \
MIN_RUNS=3 \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-mainline-health-audit/fixtures/*.json' \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked mainline-risk groups
  • JSON mode prints summary + scored groups + critical group details

Comments

Loading comments...