GitHub Actions Secret Exposure Audit

v1.0.0

Audit GitHub Actions workflow files for secret exposure risks like pull_request_target secret usage, secret echo commands, and unpinned action secret passing.

by Daniel Lummis (@daniellummis)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-secret-exposure-audit.

Install the skill "GitHub Actions Secret Exposure Audit" (daniellummis/github-actions-secret-exposure-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-secret-exposure-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install github-actions-secret-exposure-audit

ClawHub CLI

npx clawhub@latest install github-actions-secret-exposure-audit

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability

Name/description match the shipped files and runtime needs: a shell wrapper plus a Python script that scans workflow YAMLs. Required binaries (bash, python3) are appropriate for the implementation and purpose.

Instruction Scope

SKILL.md and the script stick to scanning files matched by WORKFLOW_GLOB and reporting findings. The script reads files from disk (user-specified glob) and does not call external endpoints or attempt to read unrelated environment variables. Note: because WORKFLOW_GLOB is user-controlled, running the skill with a broad glob could cause it to read arbitrary files on disk — this is expected behavior for a file-scanning tool but is something to be cautious about.

Install Mechanism

No install spec; instruction-only with bundled script. Nothing is downloaded or written to disk by an installer.

Credentials

The skill requires no secret environment variables or credentials. The environment variables it uses (WORKFLOW_GLOB, OUTPUT_FORMAT, thresholds, regex filters) are appropriate configuration knobs for a scanner.

Persistence & Privilege

always is false and the skill does not modify other skills or system settings. It runs on demand and only reads files matched by the glob; it does not persist or attempt to store credentials.

Assessment

This skill appears to do exactly what it says: statically scan GitHub Actions workflow YAMLs for risky secret usage patterns. It does not contact external services or request credentials. Before running, review WORKFLOW_GLOB to ensure you only scan intended paths (avoid globs that expose unrelated sensitive files). You can test using the bundled fixtures first. If you will allow autonomous agent invocation, remember the skill can read any files the agent's process user can read — limit its scope by controlling the glob and agent permissions if that is a concern.

Runtime requirements

Bins: bash, python3
Latest version id: vk972mft00vav3hc1nerzwc75hd82fn02
286 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
License: MIT-0

GitHub Actions Secret Exposure Audit

Use this skill to catch risky secret handling patterns in workflow YAML before they leak credentials or allow unsafe token use.

What this skill does

  • Scans workflow YAML files (.github/workflows/*.yml by default)
  • Flags pull_request_target workflows that also reference ${{ secrets.* }}
  • Flags shell output commands that print secret expressions (echo, printf, tee, ::set-output)
  • Flags secret values passed into unpinned third-party actions (@main, @master, @v1, etc.)
  • Flags likely hardcoded credential values in workflow config
  • Supports text/json output and CI fail gate

Inputs

Optional:

  • WORKFLOW_GLOB (default: .github/workflows/*.y*ml)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • WARN_SCORE (default: 4)
  • CRITICAL_SCORE (default: 8)
  • WORKFLOW_FILE_MATCH / WORKFLOW_FILE_EXCLUDE (regex, optional)
  • ALLOW_REF_REGEX (regex, optional): action refs matching this regex are treated as allowed, so secrets passed to them are not flagged (for example ^v1\.2\.3$)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
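The four detection patterns listed under "What this skill does", together with the WARN_SCORE / CRITICAL_SCORE thresholds and ALLOW_REF_REGEX from the inputs above, as an added illustration that is not the skill's own script: it scans raw workflow text line by line with regexes rather than parsing YAML, the sample workflow is constructed, and the per-finding weights are assumptions (the page does not document the skill's scoring).

```python
import re

# Constructed sample workflow (not one of the skill's fixtures). It combines all
# four risky patterns: pull_request_target + secrets, a secret echoed by a shell
# command, a secret passed to an unpinned action, and a hardcoded-looking token.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "${{ secrets.NPM_TOKEN }}"
      - uses: some-org/publish-action@main
        with:
          token: ${{ secrets.NPM_TOKEN }}
      - run: curl -H "Authorization: Bearer ghp_1234567890abcdef1234567890abcdef1234"
"""

SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")
OUTPUT_CMD = re.compile(r"\b(echo|printf|tee)\b|::set-output")
UNPINNED_REF = re.compile(r"uses:\s*\S+@(main|master|v\d+)\s*$")  # not a full SHA
HARDCODED = re.compile(r"\b(ghp_[A-Za-z0-9]{36}|AKIA[A-Z0-9]{16})\b")  # assumed token shapes
WEIGHTS = {"prt_secret": 5, "secret_output": 4, "unpinned_secret": 3, "hardcoded": 6}  # assumed

def audit_workflow(text, allow_ref_regex=None):
    """Return (score, findings) for one workflow; each finding is (line, kind, message)."""
    findings, lines = [], text.splitlines()
    has_prt = any(re.match(r"\s*pull_request_target\s*:", ln) for ln in lines)  # block form only
    if has_prt and any(SECRET_EXPR.search(ln) for ln in lines):
        findings.append((0, "prt_secret", "pull_request_target workflow references secrets"))
    pending = None  # line number of the last unpinned 'uses:' whose step we are still inside
    for no, line in enumerate(lines, 1):
        if SECRET_EXPR.search(line) and OUTPUT_CMD.search(line):
            findings.append((no, "secret_output", "secret printed by shell output command"))
        m = UNPINNED_REF.search(line)
        if m:  # remember the unpinned step unless ALLOW_REF_REGEX accepts its ref
            pending = None if (allow_ref_regex and re.search(allow_ref_regex, m.group(1))) else no
        elif re.match(r"\s*-\s", line):  # a new step begins; leave the previous uses: block
            pending = None
        if pending and SECRET_EXPR.search(line) and not m:
            findings.append((no, "unpinned_secret", f"secret passed to unpinned action on line {pending}"))
        if HARDCODED.search(line):
            findings.append((no, "hardcoded", "hardcoded credential-like value"))
    return sum(WEIGHTS[kind] for _, kind, _ in findings), findings

def classify(score, warn_score=4, critical_score=8):
    """Map a score onto the skill's WARN_SCORE / CRITICAL_SCORE bands."""
    return "critical" if score >= critical_score else "warn" if score >= warn_score else "ok"
```

A CI fail gate in the spirit of FAIL_ON_CRITICAL=1 is then just exiting non-zero when classify() returns "critical" for any scanned file.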

Run

Text report:

WORKFLOW_GLOB='.github/workflows/*.yml' \
WARN_SCORE=4 \
CRITICAL_SCORE=8 \
bash skills/github-actions-secret-exposure-audit/scripts/secret-exposure-audit.sh

JSON output + fail gate:

WORKFLOW_GLOB='.github/workflows/*.y*ml' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-secret-exposure-audit/scripts/secret-exposure-audit.sh

Run against bundled fixtures:

WORKFLOW_GLOB='skills/github-actions-secret-exposure-audit/fixtures/*.y*ml' \
bash skills/github-actions-secret-exposure-audit/scripts/secret-exposure-audit.sh

Output contract

  • Exit 0 in reporting mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more workflows are critical
  • Text mode prints summary + top risky workflows
  • JSON mode prints summary + ranked workflows + critical workflows
