ClawHub

GitHub Actions Run Gap Audit

v1.1.0

Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap.

0· 259·0 current·0 all-time
byDaniel Lummis@daniellummis

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-run-gap-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GitHub Actions Run Gap Audit" (daniellummis/github-actions-run-gap-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-run-gap-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-actions-run-gap-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-actions-run-gap-audit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (detecting stale GitHub Actions runs) matches what the bundled script and fixtures do: parse run JSON files, compute cadence statistics, and emit a report. One minor inconsistency: SKILL.md shows using the 'gh' CLI to export runs (gh run view ...) but 'gh' is not listed among required binaries. Either the user must supply those exports themselves (which is reasonable) or the skill should declare 'gh' as a required binary if it expects to invoke it.
Instruction Scope
SKILL.md and scripts instruct the agent/user to read local JSON files (RUN_GLOB) and run the audit; the Python code only parses files, computes statistics, and prints text/JSON. There are no commands or instructions to read unrelated system files, call external servers, or exfiltrate data. The examples do show using 'gh' to collect data, which involves network access when the user runs that step, but that is external to the audit script itself.
Install Mechanism
There is no install spec (instruction-only plus an included script). Nothing is downloaded or executed from external URLs during install. The runtime requires bash and python3 (declared), which are proportionate for running the included script.
Credentials
The skill requires no credentials or config paths. It accepts many optional environment inputs (globs, regex filters, numeric thresholds) which are reasonable for a configurable audit tool; none are named like SECRET/TOKEN or otherwise request sensitive credentials.
Persistence & Privilege
always is false and the skill does not request persistent system-level presence or modify other skills. It does not attempt to enable itself or write persistent credentials.
Assessment
This skill is coherent and appears to do only local analysis of exported GitHub Actions run JSON files. Before installing/using it: (1) confirm you have bash and python3 available; (2) if you plan to follow the SKILL.md example that uses 'gh run view', make sure you have the GitHub CLI installed and authenticated — the script itself does not call 'gh' and 'gh' is not declared as a required binary; (3) run the audit against the included fixtures first (RUN_GLOB pointing to skills/.../fixtures/*.json) to validate behavior; (4) avoid pointing RUN_GLOB at directories containing unrelated or sensitive JSON files — the script will parse any matched files; and (5) review the script yourself if you have stricter security requirements, though no obfuscated code, network endpoints, or credential exfiltration were found in the provided files.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsbash, python3
latestvk97909vhn61b365p71rka3qsk182ebq5
259downloads
0stars
2versions
Updated 1mo ago
v1.1.0
MIT-0
Daniel Lummis@daniellummis
latest
Download

GitHub Actions Run Gap Audit

Use this skill to detect workflow groups that have gone unexpectedly quiet (stale triggers, broken schedules, disabled automation, branch drift).

What this skill does

  • Reads GitHub Actions run JSON exports
  • Groups by repository + workflow + branch + event
  • Computes historical cadence (median and p90 interval hours)
  • Compares latest inactivity gap vs historical cadence
  • Scores risk severity (ok, warn, critical)
  • Emits text or JSON for CI checks and automation guardrails

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 4)
  • WARN_GAP_MULTIPLIER (default: 2.0)
  • CRITICAL_GAP_MULTIPLIER (default: 3.5)
  • MIN_WARN_GAP_HOURS (default: 12)
  • MIN_CRITICAL_GAP_HOURS (default: 24)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • BRANCH_MATCH (regex, optional)
  • BRANCH_EXCLUDE (regex, optional)
  • EVENT_MATCH (regex, optional)
  • EVENT_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • RUN_ID_MATCH (regex, optional)
  • RUN_ID_EXCLUDE (regex, optional)
  • RUN_URL_MATCH (regex, optional)
  • RUN_URL_EXCLUDE (regex, optional)
  • NOW_ISO (optional fixed evaluation time for deterministic CI tests)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
MIN_RUNS=5 \
WARN_GAP_MULTIPLIER=2.25 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh

Targeted run-scope triage:

RUN_GLOB='artifacts/github-actions/*.json' \
RUN_ID_MATCH='^(88|89)' \
RUN_URL_EXCLUDE='rerun' \
OUTPUT_FORMAT=json \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-run-gap-audit/fixtures/*.json' \
NOW_ISO='2026-03-07T00:00:00Z' \
bash skills/github-actions-run-gap-audit/scripts/run-gap-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked stale workflow groups
  • JSON mode prints summary + ranked groups + critical group details

Comments

Loading comments...