Skip to content

ci(monitor): run scheduled sweep rules-only so it reliably completes#20

Merged
Ap6pack merged 1 commit into
mainfrom
claude/monitor-rules-only-sweep
Jul 6, 2026
Merged

ci(monitor): run scheduled sweep rules-only so it reliably completes#20
Ap6pack merged 1 commit into
mainfrom
claude/monitor-rules-only-sweep

Conversation

@Ap6pack

@Ap6pack Ap6pack commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Description

Every scheduled run kept timing out — and with the resumable/budgeted machinery in place, the remaining cause is now clearly LLM escalation at registry scale, not the crawl. The registry is malware-dense (~20% flagged), so a large fraction of each batch triggers per-skill LLM calls (several seconds each), pushing runs past the 60-min limit before they can commit — and burning tokens every run.

Fix: run the automated sweep with --no-escalate (rule engine + threat intel only), and raise --max-scans to 3000 (rules-only is fetch-bound at ~2 req/s, so a bigger batch still fits).

Why this is safe: the accuracy report shows the rule engine alone detects 100% of malicious samples with zero false positives — the LLM adds verdict confidence, not additional catches. So automated coverage is unchanged; the sweep is now reliable and near-free, and the ~6k baseline converges in ~2 runs.

The LLM stays available for targeted malwar crawl scan <slug> deep-dives on any individual flagged skill. Re-enabling automated escalation (or adding a weekly LLM pass over just the already-flagged set) is a one-line change if wanted later.

Workflow + docs only — no code change.

Type of Change

  • Infrastructure / CI (reliability)

Checklist

  • Workflow YAML validated
  • Docs updated (docs/crawl.md)
  • No application code changed

🤖 Generated with Claude Code

https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL


Generated by Claude Code

Every scheduled run was timing out on LLM escalation: the registry is
malware-dense (~20% flagged), so a large fraction of each batch triggered
per-skill LLM calls (several seconds each), pushing runs past the 60-min
limit before they could commit — and costing tokens every run.

Run the automated sweep with --no-escalate (rule engine + threat intel
only). Per the accuracy report the rule engine alone detects 100% of
malicious samples with zero false positives, so coverage is unchanged; the
sweep is now fetch-bound (~2 req/s) and reliably fits the window. Raise
--max-scans to 3000 accordingly, so the ~6k baseline converges in ~2 runs.

The LLM stays available for targeted 'malwar crawl scan <slug>' deep-dives
on individual flagged skills; re-enabling automated escalation is a
one-line change if wanted later.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

✅ Malwar Scan Results

Metric Value
Verdict CLEAN
Risk Score 0/100
Findings 0

Scanned by Malwar — malware detection for agentic AI skills.

@Ap6pack Ap6pack merged commit 82e6de8 into main Jul 6, 2026
6 checks passed
@Ap6pack Ap6pack deleted the claude/monitor-rules-only-sweep branch July 6, 2026 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants