GitHub Actions Manual Trigger Audit

Audit manual GitHub Actions trigger dependence by workflow/event to flag automation gaps and intervention risk.

Category: Development & DevOps

Author: Daniel Lummis @daniellummis

License: MIT-0

MIT-0 · Free to use, modify and redistribute. No attribution required.

Version: v1.0.0

Stats: ⭐ 0 · 147 · 0 current installs · 0 all-time installs


Package: daniellummis/github-actions-manual-trigger-audit

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: benign

OpenClaw assessment

This skill's files and runtime instructions are coherent with its stated purpose: it analyzes GitHub Actions run JSON exports locally, does not request credentials or unusual binaries, and does not perform network exfiltration.

Purpose

The skill's name/description match what the code does: it reads GitHub Actions run JSON files, groups and scores workflows for manual-trigger dependence. Required binaries (bash, python3) are appropriate for the included shell+Python script. Minor note: the README examples show using the 'gh' CLI to collect run JSONs, but 'gh' is not listed in the declared required binaries; collecting data with 'gh' is optional for the tool to run (the script…

Instruction scope

SKILL.md instructs the user to export run JSONs (example uses 'gh run view'), then run the script against a glob of JSON files. The runtime script only reads files matching RUN_GLOB and does not access other system configuration or environment variables. Two cautions: (1) the script will process any files matched by RUN_GLOB, so a mis-set glob could read unrelated local files; (2) the SKILL.md's 'gh' example implies network/GitHub access when …

Install mechanism

No install spec; this is instruction-only plus an included script. Nothing is downloaded or installed by the skill package itself.

Credentials

The skill declares no required environment variables or credentials, and the script does not attempt to read secrets or other env vars. Note: collecting run JSONs with the GitHub CLI (as suggested in docs) would require GitHub authentication external to this skill; that is not requested by the skill itself.

Persistence

always=false and there is no code that modifies agent configuration or other skills. The default autonomous invocation capability is unchanged (normal platform behavior) and the skill does not request persistent elevated privileges.

Overall conclusion

This skill appears to do what it says: analyze local GitHub Actions run JSONs for manual-trigger dependence. Before running it: (1) verify the RUN_GLOB value so the script only reads intended JSON files (avoid globs that could match sensitive system files); (2) if you plan to use the 'gh run view' example to collect data, be aware that requires the GitHub CLI and your authenticated GitHub session/token — that is separate from this skill and no…

Install (copy to 龙虾 AI)

Copy the whole block below into a 龙虾中文库 chat; 龙虾 will complete the installation according to SKILL.md.

Please hand this block to 龙虾中文库 (龙虾 AI) to execute: install the OpenClaw skill "GitHub Actions Manual Trigger Audit" on this machine. Summary: Audit manual GitHub Actions trigger dependence by workflow/event to flag automa…
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/daniellummis/github-actions-manual-trigger-audit/SKILL.md
(Source: yingzhi8.cn skill library)

SKILL.md


---
name: github-actions-manual-trigger-audit
description: Audit manual GitHub Actions trigger dependence by workflow/event to flag automation gaps and intervention risk.
version: 1.0.0
metadata: {"openclaw":{"requires":{"bins":["bash","python3"]}}}
---

# GitHub Actions Manual Trigger Audit

Use this skill to detect workflows that rely too heavily on manual triggers (`workflow_dispatch` / `repository_dispatch`) instead of automated CI events.

## What this skill does
- Reads GitHub Actions run JSON exports
- Groups runs by repository + workflow (+ branch)
- Measures manual-trigger share vs total run volume
- Tracks recent manual-trigger streaks (latest N runs)
- Scores severity (`ok`, `warn`, `critical`) for operational risk gating
- Emits text or JSON output for automation

## Inputs
Optional:
- `RUN_GLOB` (default: `artifacts/github-actions/*.json`)
- `TOP_N` (default: `20`)
- `OUTPUT_FORMAT` (`text` or `json`, default: `text`)
- `GROUP_BY` (`workflow` or `workflow-branch`, default: `workflow`)
- `MANUAL_EVENTS` (comma-separated, default: `workflow_dispatch,repository_dispatch`)
- `RECENT_WINDOW` (latest runs inspected for streak, default: `5`)
- `MIN_RUNS` (minimum runs required, default: `5`)
- `WARN_MANUAL_RATIO` (0..1, default: `0.35`)
- `CRITICAL_MANUAL_RATIO` (0..1, default: `0.65`)
- `WARN_MANUAL_RUNS` (default: `5`)
- `CRITICAL_MANUAL_RUNS` (default: `12`)
- `WARN_RECENT_MANUAL_STREAK` (default: `3`)
- `CRITICAL_RECENT_MANUAL_STREAK` (default: `5`)
- `WORKFLOW_MATCH` / `WORKFLOW_EXCLUDE` (regex, optional)
- `BRANCH_MATCH` / `BRANCH_EXCLUDE` (regex, optional)
- `EVENT_MATCH` / `EVENT_EXCLUDE` (regex, optional)
- `REPO_MATCH` / `REPO_EXCLUDE` (regex, optional)
- `FAIL_ON_CRITICAL` (`0` or `1`, default: `0`)

## Collect run JSON

```bash
# The trailing backslash keeps the redirect on the same command; without it
# the shell would run gh and then separately truncate the output file.
gh run view <run-id> --json databaseId,workflowName,event,headBranch,conclusion,createdAt,updatedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json
```

## Run

Text report:

```bash
# Variable assignments must be on the same command line as bash (note the backslash);
# on their own line they would set an unexported shell variable the script never sees.
RUN_GLOB='artifacts/github-actions/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
```

JSON output + fail gate:

```bash
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
```

Run against bundled fixtures:

```bash
RUN_GLOB='skills/github-actions-manual-trigger-audit/fixtures/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
```

## Output contract
- Exit `0` in report mode (default)
- Exit `1` when `FAIL_ON_CRITICAL=1` and one or more groups are critical
- Text mode prints summary + ranked workflow groups
- JSON mode prints summary + ranked groups + critical groups
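The grouping, streak and severity logic described under "What this skill does", "Inputs" and "Output contract", as an added Python model that is not the skill's own script. The thresholds are the documented defaults; that any one threshold (ratio, manual-run count or recent streak) is enough to reach a level, and that groups below `MIN_RUNS` are not scored, are assumptions about the real implementation, and the run records are constructed.

```python
"""Reference model of the SKILL.md scoring: added example, not the skill's own script. Defaults follow the
Inputs list; 'any threshold met' and skipping groups below MIN_RUNS are assumptions about the real script."""
from collections import defaultdict
from itertools import takewhile

MANUAL_EVENTS = {"workflow_dispatch", "repository_dispatch"}
DEFAULTS = {"min_runs": 5, "recent_window": 5,  # SKILL.md defaults
            "warn": {"ratio": 0.35, "runs": 5, "streak": 3},
            "critical": {"ratio": 0.65, "runs": 12, "streak": 5}}

def recent_manual_streak(events_newest_first, window):
    """Consecutive manual runs at the head of the latest `window` runs."""
    return sum(1 for _ in takewhile(MANUAL_EVENTS.__contains__, events_newest_first[:window]))

def severity(total, manual, streak, t=DEFAULTS):
    if total < t["min_runs"]:
        return "ok"  # assumption: too few runs to judge
    for level in ("critical", "warn"):  # stricter level checked first
        lim = t[level]
        if manual / total >= lim["ratio"] or manual >= lim["runs"] or streak >= lim["streak"]:
            return level
    return "ok"

def audit(runs, group_by="workflow", t=DEFAULTS):
    """Group run records by repo+workflow (+branch) and score each group."""
    groups = defaultdict(list)
    for r in runs:
        key = (r["repository"], r["workflowName"]) + ((r["headBranch"],) if group_by == "workflow-branch" else ())
        groups[key].append(r)
    report = {}
    for key, rs in groups.items():
        events = [r["event"] for r in sorted(rs, key=lambda x: x["createdAt"], reverse=True)]
        manual = sum(e in MANUAL_EVENTS for e in events)
        streak = recent_manual_streak(events, t["recent_window"])
        report["/".join(key)] = {"total": len(rs), "manual": manual, "recent_manual_streak": streak,
                                 "severity": severity(len(rs), manual, streak, t)}
    return report

def exit_code(report, fail_on_critical=False):  # 0 in report mode; 1 only with FAIL_ON_CRITICAL and a critical group
    return int(fail_on_critical and any(g["severity"] == "critical" for g in report.values()))

def _run(repo, wf, event, created):  # constructed record; field names follow the gh --json list in SKILL.md
    return {"repository": repo, "workflowName": wf, "event": event, "headBranch": "main", "createdAt": created}

SAMPLE_RUNS = (  # constructed: deploy leans on manual triggers, release is mixed, ci is automated
    [_run("acme/api", "deploy", e, f"2024-05-{d:02d}T10:00:00Z") for d, e in enumerate(
        ["push", "workflow_dispatch", "push", "workflow_dispatch", "workflow_dispatch", "workflow_dispatch"], 1)]
    + [_run("acme/api", "ci", "push", f"2024-05-{d:02d}T09:00:00Z") for d in range(1, 6)]
    + [_run("acme/api", "release", e, f"2024-05-{d:02d}T08:00:00Z") for d, e in enumerate(
        ["push", "workflow_dispatch", "push", "workflow_dispatch", "push"], 1)])
```

`audit(SAMPLE_RUNS)` scores `acme/api/deploy` as critical (4 of 6 runs manual, latest 3 all manual), `acme/api/release` as warn (ratio 0.4) and `acme/api/ci` as ok, and `exit_code(report, fail_on_critical=True)` returns 1 exactly as the output contract describes.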