ci(monitor): run scheduled sweep rules-only so it reliably completes#20
Merged
Conversation
Every scheduled run was timing out on LLM escalation: the registry is malware-dense (~20% flagged), so a large fraction of each batch triggered per-skill LLM calls (several seconds each), pushing runs past the 60-min limit before they could commit — and costing tokens every run. Run the automated sweep with --no-escalate (rule engine + threat intel only). Per the accuracy report the rule engine alone detects 100% of malicious samples with zero false positives, so coverage is unchanged; the sweep is now fetch-bound (~2 req/s) and reliably fits the window. Raise --max-scans to 3000 accordingly, so the ~6k baseline converges in ~2 runs. The LLM stays available for targeted 'malwar crawl scan <slug>' deep-dives on individual flagged skills; re-enabling automated escalation is a one-line change if wanted later. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL
✅ Malwar Scan Results
Scanned by Malwar — malware detection for agentic AI skills. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Every scheduled run kept timing out — and with the resumable/budgeted machinery in place, the remaining cause is now clearly LLM escalation at registry scale, not the crawl. The registry is malware-dense (~20% flagged), so a large fraction of each batch triggers per-skill LLM calls (several seconds each), pushing runs past the 60-min limit before they can commit — and burning tokens every run.
Fix: run the automated sweep with
--no-escalate(rule engine + threat intel only), and raise--max-scansto 3000 (rules-only is fetch-bound at ~2 req/s, so a bigger batch still fits).Why this is safe: the accuracy report shows the rule engine alone detects 100% of malicious samples with zero false positives — the LLM adds verdict confidence, not additional catches. So automated coverage is unchanged; the sweep is now reliable and near-free, and the ~6k baseline converges in ~2 runs.
The LLM stays available for targeted
malwar crawl scan <slug>deep-dives on any individual flagged skill. Re-enabling automated escalation (or adding a weekly LLM pass over just the already-flagged set) is a one-line change if wanted later.Workflow + docs only — no code change.
Type of Change
Checklist
docs/crawl.md)🤖 Generated with Claude Code
https://claude.ai/code/session_01DNoTXU8k3pfSBzR7aJubqL
Generated by Claude Code