ClawHub

GitHub Actions PR Gate Health Audit

v1.0.0

Audit pull-request and merge-queue GitHub Actions reliability by scoring failure rate, queue latency, and stale-success risk for merge gates.

0· 298·0 current·0 all-time
byDaniel Lummis@daniellummis

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-pr-gate-health-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GitHub Actions PR Gate Health Audit" (daniellummis/github-actions-pr-gate-health-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-pr-gate-health-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-actions-pr-gate-health-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-actions-pr-gate-health-audit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to analyze GitHub Actions run JSONs; the included script reads JSON files, computes failure/queue/staleness metrics, and emits text/JSON reports. Required binaries (bash, python3) match the actual implementation. No unrelated credentials or system paths are requested.
Instruction Scope
SKILL.md documents a convenient step using the 'gh' CLI to export runs (gh run view ...). The runtime script itself only reads local JSON files (RUN_GLOB) and does not invoke the network. The manifest does not declare 'gh' as a required binary or any auth requirement; if you follow the suggested 'gh' collect step, you will need the GitHub CLI and its authentication (not declared). Otherwise, you must supply the run JSON artifacts beforehand.
Install Mechanism
This is instruction-only with an included shell+python script; there is no install spec, no downloads, and nothing will be written to disk beyond reading the JSON artifacts and whatever output the script produces.
Credentials
The skill declares no required environment variables or credentials and the script uses only optional input variables (RUN_GLOB, OUTPUT_FORMAT, thresholds, regex filters). No secrets are requested and the script does not access other env vars or config files.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify agent-wide settings. It does not store credentials or alter other skills.
Assessment
This tool analyzes local GitHub Actions run JSON files and appears to do only that. Before installing/using it, note: (1) SKILL.md shows an example using the 'gh' CLI to collect run JSONs — the script does not call 'gh' itself and the manifest does not list 'gh' as required, so you must either run 'gh' yourself (which requires the GitHub CLI and auth) or collect artifacts by other means; (2) review the RUN_GLOB location you provide so it only contains intended run exports (the script will parse every matching JSON file); (3) no credentials are requested by the skill, and the included script does not perform network calls or exfiltrate data, but if you run the optional 'gh' collection step that will use your GitHub auth — be mindful of that credential scope. If you want higher assurance, run the script against the bundled fixtures first and inspect the output.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, python3
latestvk97240tvzpqv35ygch2771td0582d4kn
298downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Daniel Lummis@daniellummis
latest
Download

GitHub Actions PR Gate Health Audit

Use this skill to detect unreliable pull-request merge gates before they block developers or hide degraded CI health.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to PR/merge-gate events by default (pull_request, pull_request_target, merge_group)
  • Groups by repository + workflow + event
  • Scores risk using:
    • failure rate
    • consecutive current failures
    • average queue wait before run start
    • days since last successful run
  • Flags warning/critical groups via configurable thresholds
  • Emits text or JSON output for CI gates and operational dashboards

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • EVENT_MATCH (default: ^(pull_request|pull_request_target|merge_group)$)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 15)
  • FAIL_CRITICAL_PERCENT (default: 30)
  • QUEUE_WARN_SECONDS (default: 120)
  • QUEUE_CRITICAL_SECONDS (default: 300)
  • SUCCESS_STALE_DAYS (default: 3)
  • WARN_SCORE (default: 25)
  • CRITICAL_SCORE (default: 45)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,runStartedAt,updatedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
EVENT_MATCH='^(pull_request|merge_group)$' \
MIN_RUNS=3 \
bash skills/github-actions-pr-gate-health-audit/scripts/pr-gate-health-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-pr-gate-health-audit/scripts/pr-gate-health-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-pr-gate-health-audit/fixtures/*.json' \
bash skills/github-actions-pr-gate-health-audit/scripts/pr-gate-health-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked PR gate risk groups
  • JSON mode prints summary + scored groups + critical group details

Comments

Loading comments...