laurigates/finops-waste
finops-plugin/skills/finops-waste/SKILL.md
Identify GitHub Actions waste — skipped runs, bot triggers, missing concurrency — and suggest fixes. Use when CI costs are high or workflows run too often.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins finops-wasteInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 8:17 AM221.5s2 files scanned
SKILL.md
- description:
- Identify GitHub Actions waste — skipped runs, bot triggers, missing concurrency — and suggest fixes. Use when CI costs are high or workflows run too often.
- args:
- [repo]
- allowed-tools:
- Bash(gh api *), Bash(gh workflow *), Bash(gh repo *), Bash(bash *), Read, Grep, Glob, Edit, TodoWrite
- argument-hint:
- Optional repo (owner/name format, defaults to current repo)
- created:
- 2025-01-30
- modified:
- 2026-04-25
- reviewed:
- 2026-04-25
- name:
- finops-waste
/finops:waste
Identify GitHub Actions waste patterns and provide actionable fix suggestions. Analyzes skipped runs, bot triggers, missing concurrency groups, and missing path filters.
When to Use This Skill
| Use this skill when... | Use a sibling instead when... |
|---|---|
| You want actionable fixes for CI cost waste — concurrency, path filters, bot guards | You need a high-level billing and health snapshot — use /finops:overview |
| You need to add cancel-in-progress to PR workflows | You need workflow run frequency and duration stats — use /finops:workflows |
| You are auditing skipped runs and bot-triggered noise | You are auditing cache bloat or stale caches — use /finops:caches |
| You want to fix one repo's workflow config | You want to rank waste across many repos — use /finops:compare |
Context
- Current repo URL: !
git remote get-url origin - Workflow files: !
find .github/workflows -maxdepth 1 \( -name '*.yml' -o -name '*.yaml' \)
Parameters
| Parameter | Description | Default |
|-----------|-------------|---------|
| repo | Repository in owner/name format | Current repository |
Execution
1. Run API-based waste analysis:
bash "${SKILL_DIR}/scripts/waste-analysis.sh" "$REPO"
2. Workflow file analysis (requires local filesystem):
echo ""
echo "=== Workflow File Analysis ==="
for f in .github/workflows/*.yml .github/workflows/*.yaml 2>/dev/null; do
[ -f "$f" ] || continue
name=$(basename "$f")
issues=""
# Check for concurrency
if ! grep -q "concurrency:" "$f"; then
issues="${issues}missing-concurrency "
fi
# Check for path filters (on push/pull_request without paths)
if grep -qE "^\s*(push|pull_request):" "$f" && ! grep -q "paths:" "$f"; then
issues="${issues}no-path-filter "
fi
# Check for bot filter
if ! grep -q "github.event.sender.type" "$f" && ! grep -q "github.actor" "$f"; then
issues="${issues}no-bot-filter "
fi
# Check for cancel-in-progress
if grep -q "pull_request:" "$f" && ! grep -q "cancel-in-progress:" "$f"; then
issues="${issues}no-cancel-in-progress "
fi
if [ -n "$issues" ]; then
echo " $name: $issues"
else
echo " $name: OK"
fi
done
Fix Suggestions
After analysis, provide specific fixes based on findings:
Fix: Missing Concurrency Group
# Add to workflow file at top level or per-job
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true # For PR workflows
Fix: Bot Trigger Filter
jobs:
build:
# Skip if triggered by a bot
if: github.event.sender.type != 'Bot'
runs-on: ubuntu-latest
steps: ...
Or for specific bots:
if: github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]'
Fix: Add Path Filters
on:
push:
branches: [main]
paths:
- 'src/**'
- 'package.json'
- 'package-lock.json'
paths-ignore:
- '**.md'
- 'docs/**'
- '.github/**'
pull_request:
paths:
- 'src/**'
- 'package.json'
Fix: Cancel Duplicate PR Runs
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
Output Format
=== Waste Analysis: org/repo ===
=== Skipped Runs ===
Total runs: 100
Skipped: 15 (15%)
By workflow:
CI: 10 skipped
CodeQL: 5 skipped
=== Bot-Triggered Runs ===
Bot-triggered: 25/100 runs
By bot:
dependabot[bot]: 15 runs
renovate[bot]: 10 runs
=== Workflow File Analysis ===
ci.yml: missing-concurrency no-path-filter
deploy.yml: OK
codeql.yml: no-bot-filter
=== Potential Duplicate Runs ===
Commit abc1234: 3 runs (CI, CodeQL, Security)
=== High-Frequency Workflows ===
CI: 67 runs in sample - review trigger conditions
Agentic Optimizations
| Context | Command |
|---------|---------|
| Skipped runs count | gh run list --limit 100 --json conclusion --jq '[.[] | select(.conclusion=="skipped")] | length' |
| Failed runs (compact) | gh run list --limit 50 --status failure --json name,createdAt |
| Workflow file check | bash "${SKILL_DIR}/scripts/waste-analysis.sh" "$REPO" |
| Check concurrency in file | grep -l "concurrency:" .github/workflows/*.yml |
| Bot-triggered runs | gh run list --limit 100 --json actor,conclusion --jq '[.[] | select(.actor.login | test("\\[bot\\]"))] | length' |
Post-actions
- Offer to apply fixes: For each issue found, offer to edit the workflow file directly
- Prioritize by impact: Focus on high-frequency workflows first
- Test recommendations: Suggest testing changes on a feature branch first
- Create tracking issue: Optionally create a GitHub issue to track optimization work
Related Skills
laurigates/comfyui-node-scaffold
tools
VerifiedTrustedCommunity
Scaffold a new ComfyUI custom-node repo (pyproject, CI, release-please, vitest+pytest, JS extension skeleton) in the picker/gesture vein. Use when bootstrapping or init-ing a comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/comfy-node
tools
VerifiedTrustedCommunity
Orchestrate a ComfyUI node pack from idea to registry: scaffold, create + seed the repo, open the gitops adoption PR. Use when releasing or spinning up a new comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/endpoint-security-cpu
testing
VerifiedTrustedCommunity
macOS EndpointSecurity/EDR high CPU & battery drain. Use when Kandji ESF / XProtect pegs a core; trace the exec storm via powermetrics + eslogger.
35SKILL.mdUpdated Jun 4, 2026
laurigates/odiff-image-diffing
development
VerifiedTrustedCommunity
odiff pixel-by-pixel image diffing. Use when comparing screenshots, detecting visual regressions, diffing before/after PNGs, asserting golden images.
35SKILL.mdUpdated May 30, 2026