github-actions-manual-trigger-audit
Audit manual GitHub Actions trigger dependence by workflow/event to flag automation gaps and intervention risk.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/daniellummis/github-actions-manual-trigger-auditGitHub Actions Manual Trigger Audit
Use this skill to detect workflows that rely too heavily on manual triggers (workflow_dispatch / repository_dispatch) instead of automated CI events.
What this skill does
- Reads GitHub Actions run JSON exports
- Groups runs by repository + workflow (+ branch)
- Measures manual-trigger share vs total run volume
- Tracks recent manual-trigger streaks (latest N runs)
- Scores severity (
ok,warn,critical) for operational risk gating - Emits text or JSON output for automation
Inputs
Optional:
RUN_GLOB(default:artifacts/github-actions/*.json)TOP_N(default:20)OUTPUT_FORMAT(textorjson, default:text)GROUP_BY(workfloworworkflow-branch, default:workflow)MANUAL_EVENTS(comma-separated, default:workflow_dispatch,repository_dispatch)RECENT_WINDOW(latest runs inspected for streak, default:5)MIN_RUNS(minimum runs required, default:5)WARN_MANUAL_RATIO(0..1, default:0.35)CRITICAL_MANUAL_RATIO(0..1, default:0.65)WARN_MANUAL_RUNS(default:5)CRITICAL_MANUAL_RUNS(default:12)WARN_RECENT_MANUAL_STREAK(default:3)CRITICAL_RECENT_MANUAL_STREAK(default:5)WORKFLOW_MATCH/WORKFLOW_EXCLUDE(regex, optional)BRANCH_MATCH/BRANCH_EXCLUDE(regex, optional)EVENT_MATCH/EVENT_EXCLUDE(regex, optional)REPO_MATCH/REPO_EXCLUDE(regex, optional)FAIL_ON_CRITICAL(0or1, default:0)
Collect run JSON
gh run view <run-id> --json databaseId,workflowName,event,headBranch,conclusion,createdAt,updatedAt,url,repository \
> artifacts/github-actions/run-<run-id>.json
Run
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
JSON output + fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
Run against bundled fixtures:
RUN_GLOB='skills/github-actions-manual-trigger-audit/fixtures/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
Output contract
- Exit
0in report mode (default) - Exit
1whenFAIL_ON_CRITICAL=1and one or more groups are critical - Text mode prints summary + ranked workflow groups
- JSON mode prints summary + ranked groups + critical groups
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-daniellummis-github-actions-manual-trigger-audit": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
github-actions-recovery-latency-audit
Measure GitHub Actions failure recovery latency and unresolved incident age by workflow group.
github-actions-cache-hardening-audit
Audit GitHub Actions workflow cache usage for poisoning, keying, and secret-path risks.
render-env-guard
Preflight-check Render service environment variables before deploys; catches missing keys and placeholder/template values that commonly break production rollouts.
github-actions-trigger-health-audit
Audit GitHub Actions run health by trigger event and workflow so flaky or noisy automation sources are easy to prioritize.
github-actions-run-gap-audit
Detect GitHub Actions workflow groups that stopped running on their normal cadence using median run intervals and current inactivity gap.