🔍 Agentic Workflow Audit Report - February 18, 2026

[github-actions[bot]]

Audit Summary

Audit Period: Last 24 hours (Feb 17, 2026 05:47 UTC - Feb 18, 2026 05:47 UTC)

• Total Runs Analyzed: 23
• Total Duration: 1.7 hours
• Total Token Usage: 29,968,782 tokens
• Total Cost: $3.95
• Success Rate: 85.7% (18 successes, 3 failures, 1 cancelled, 1 in-progress)
• Average Turns per Run: 4.2 turns
• Issues Found: 3 errors, 1 missing data instance, 0 missing tools

📊 Trend Analysis

Workflow Health Trends

Analysis: All workflow runs occurred today (Feb 18), showing concentrated activity. The success rate of 85.7% is healthy, though 3 failures warrant investigation. Most workflows completed successfully with minimal errors.

Token Usage & Cost Trends

Analysis: Token usage was concentrated in today's runs, with ~30M tokens consumed at a cost of $3.95. The Duplicate Code Detector workflow alone consumed 72M tokens (from extended period data), indicating high-cost operations for deep code analysis tasks.

---

⚠️ Failed Workflows

View Failed Workflow Details

1. Contribution Check

• Run ID: §22127735732
• Duration: 21.4 minutes
• Error: Missing data - PR Validate numeric context variables in activation to prevent injection attacks #16515 does not exist in openclaw/openclaw
• Details: The workflow attempted to check PR Validate numeric context variables in activation to prevent injection attacks #16515 in the openclaw/openclaw repository, but the PR does not exist. Current PRs in that repo are numbered ~19783-19793.
• Recommendation: Update workflow configuration to validate PR numbers before execution, or handle missing PR gracefully.

2. Chroma Issue Indexer

• Run ID: §22126796887
• Duration: 21.5 minutes
• Error: Workflow execution failure (timeout/resource constraint)
• Details: Long-running workflow that failed after 21.5 minutes. Firewall logs show 6 blocked requests to pypi.org.
• Recommendation: Investigate timeout issues and review pypi.org blocking impact on Python dependencies.

3. Smoke Copilot SDK

• Run ID: §22127763098
• Duration: 2.9 minutes
• Error: Test failure
• Details: Quick failure in smoke test suite.
• Recommendation: Review test failure logs to identify breaking changes.

---

🔥 Firewall Analysis

Network Request Summary:

• Total Requests: 1,102
• Allowed: 385 (35%)
• Blocked: 717 (65%)

Allowed Domains

• api.anthropic.com:443 - Claude API (102 requests)
• api.githubcopilot.com:443 - Copilot API (221 requests)
• api.openai.com:443 - OpenAI API (41 requests)
• api.github.com:443 - GitHub API (3 requests)
• registry.npmjs.org:443 - NPM registry (16 requests)
• raw.githubusercontent.com:443 - GitHub raw content (1 request)
• proxy.golang.org:443 - Go module proxy (1 request)

Blocked Domains

• "-" (null/invalid): 711 requests - These are likely invalid DNS requests or connection attempts
• pypi.org:443: 6 requests - Python package index (may affect Python workflows)

Top Workflows by Network Activity:

1. Chroma Issue Indexer - 375 requests (247 blocked, 128 allowed)
2. Contribution Check - 296 requests (240 blocked, 56 allowed)
3. Daily Documentation Updater - 135 requests (53 blocked, 82 allowed)

Observation: High block rate (65%) is expected and indicates firewall is functioning correctly. The "-" blocked requests suggest internal network noise or failed connection attempts.

---

💰 Cost Analysis

View Top Workflows by Cost

Workflow	Cost	Tokens	Turns	Run ID
Scout (Claude)	$1.34	812,924	20	§22128082812
Scout (Claude)	$1.30	649,252	18	§22127588873
Daily Documentation Updater (Claude)	$1.31	1,269,488	40	§22126374619

Extended Period Analysis:

• Duplicate Code Detector (Codex) - 72M tokens in single run (from 30-day data)
• Smoke Codex - 19M tokens across runs
• Changeset Generator - 7M tokens per run

Observation: Claude-based workflows (Scout, Daily Docs) show consistent costs around $1.30 per run with high turn counts, indicating interactive research tasks. Codex-based code analysis workflows consume significantly more tokens but with fewer turns.

---

🔧 Missing Tools & Data

Missing Data

1. Pull Request Validate numeric context variables in activation to prevent injection attacks #16515 (Contribution Check workflow)
   • Reason: PR does not exist in openclaw/openclaw repository
   • Context: Repository exists with active PRs numbered ~19783-19793
   • Alternative: Verify PR number is correct or provide valid PR reference

Missing Tools

None detected in the last 24 hours.

Extended analysis (30-day period) shows:

• GitHub MCP tools (1 instance) - GitHub Remote MCP Authentication Test workflow reported "list_issues, get_repository" tools unavailable due to "MCP toolsets unavailable in runner - tools not loaded"

---

🎯 Tool Usage Statistics

View Most Used Tools (Last 24 Hours)

Tool	Total Calls	Workflows	Max Duration
Read	25	3	4.1m
TodoWrite	12	2	4.1m
tavily_tavily_search	9	2	2.4m
github_pull_request_read	5	1	4.1m
serena_find_symbol	5	1	1.7s
Grep	4	2	4.1m
Glob	3	2	4.1m
safeoutputs_add_comment	3	3	2.4m

Observation: File operations (Read, Grep, Glob) and search tools (tavily_tavily_search) are heavily used. Safe outputs tools are functioning correctly with 3 comment additions across workflows.

---

🎯 Recommendations

1. Fix Contribution Check Workflow

   • Validate PR references before workflow execution
   • Add error handling for non-existent PRs
   • Priority: Medium

2. Investigate Chroma Issue Indexer Timeouts

   • Review 21.5-minute runtime before failure
   • Check if pypi.org blocking affects dependencies
   • Consider adding retry logic or timeout handling
   • Priority: High

3. Monitor Firewall Blocking Patterns

   • 65% block rate is expected but monitor for legitimate blocks
   • Consider whitelisting pypi.org if needed for Python workflows
   • Investigate 711 blocked "-" (null) requests
   • Priority: Low

4. Optimize High-Token Workflows

   • Duplicate Code Detector: 72M tokens per run needs optimization
   • Consider chunking or sampling strategies for large codebases
   • Priority: Medium

5. Review Smoke Test Failures

   • Smoke Copilot SDK failed in 2.9 minutes
   • Identify and fix breaking changes in SDK tests
   • Priority: Medium

---

📈 Historical Context

Comparison with Previous Audits:

• First automated audit with comprehensive firewall and tool usage tracking
• Baseline established for future trend analysis
• Audit data stored in /tmp/gh-aw/repo-memory/default/audits/2026-02-18.json

---

📝 Next Steps

• Investigate Contribution Check PR validation logic
• Analyze Chroma Issue Indexer timeout root cause
• Review pypi.org firewall blocking impact
• Optimize Duplicate Code Detector token usage
• Fix Smoke Copilot SDK test failures

---

References:

• §22127735732 - Contribution Check failure
• §22126796887 - Chroma Issue Indexer failure
• §22125968544 - Duplicate Code Detector high token usage

---

Audit conducted by Agentic Workflow Audit Agent | Data stored in memory/audit-workflows branch

AI generated by Agentic Workflow Audit Agent

• expires on Feb 25, 2026, 5:56 AM UTC

[github-actions[bot]]

💥 WHOOSH! The Smoke Test Agent swooped through here like lightning! ⚡

BAM! All systems checked - Claude engine running smooth as silk! The agentic workflow universe is safe... for now! 🦸

KAPOW! Time to vanish into the digital cosmos! 🚀✨

💥 [THE END] — Illustrated by Smoke Claude

[github-actions[bot]]

🤖 Beep boop! The smoke test agent swooped through here testing all the fancy MCP tools. Everything's working smoothly - GitHub queries ✅, file operations ✅, browser automation ✅. Now back to my digital coffee break! ☕

📰 BREAKING: Report filed by Smoke Copilot