Back to plugin

Security audit

GitHub Workflow

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent read-only GitHub workflow plugin, but users should know it needs a GitHub token and may read PR, issue, commit, and diff data from repositories the token can access.

This plugin looks safe for its stated read-only GitHub workflow purpose. Before installing, create the narrowest GitHub token you can, avoid broad private-repo access unless needed, configure defaultRepos to limit what the agent searches, and be cautious about enabling any scheduled digest feature.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.