Official Verified

github-actions-deploy-risk-audit

Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/daniellummis/github-actions-deploy-risk-audit

Download Source Code (.zip)

GitHub Actions Deploy Risk Audit

Use this skill to rank deployment workflows that are currently risky to trust for production releases.

What this skill does

Reads GitHub Actions run JSON exports
Filters to deployment/release workflows (configurable regex)
Groups by repository + workflow + branch
Scores risk using:
- failure rate
- unresolved trailing failure streak
- days since last successful run
Flags warning/critical groups based on configurable score thresholds
Emits text or JSON output for CI dashboards and release gates

Inputs

Optional:

RUN_GLOB (default: artifacts/github-actions/*.json)
TOP_N (default: 20)
OUTPUT_FORMAT (text or json, default: text)
MIN_RUNS (default: 2)
DEPLOY_WORKFLOW_MATCH (default: (?i)(deploy|release|ship|production))
BRANCH_MATCH (regex, optional)
BRANCH_EXCLUDE (regex, optional)
REPO_MATCH (regex, optional)
REPO_EXCLUDE (regex, optional)
FAIL_WARN_PERCENT (default: 20)
FAIL_CRITICAL_PERCENT (default: 40)
STALE_SUCCESS_DAYS (default: 7)
WARN_SCORE (default: 35)
CRITICAL_SCORE (default: 60)
FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
DEPLOY_WORKFLOW_MATCH='(?i)(deploy|release)' \
MIN_RUNS=3 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-deploy-risk-audit/fixtures/*.json' \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Output contract

Exit 0 in report mode (default)
Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
Text mode prints summary + ranked deploy risk groups
JSON mode prints summary + scored groups + critical group details

Read Full Documentation on GitHub

Metadata

Author@daniellummis

Stars3376

Updated2026-03-24

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-daniellummis-github-actions-deploy-risk-audit": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.

Related Skills

github-actions-recovery-latency-audit

Measure GitHub Actions failure recovery latency and unresolved incident age by workflow group.

daniellummis 3376

github-actions-cache-hardening-audit

Audit GitHub Actions workflow cache usage for poisoning, keying, and secret-path risks.

daniellummis 3376

render-env-guard

Preflight-check Render service environment variables before deploys; catches missing keys and placeholder/template values that commonly break production rollouts.

daniellummis 3376

github-actions-trigger-health-audit

Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize.

daniellummis 3376

github-actions-run-gap-audit

Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap.

daniellummis 3376