GitHub Actions Self-Hosted Risk Audit

v1.0.0

Audit GitHub Actions workflows that use self-hosted runners for untrusted trigger and credential-hardening risks.

by Daniel Lummis (@daniellummis)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daniellummis/github-actions-self-hosted-risk-audit.

Install the skill "GitHub Actions Self-Hosted Risk Audit" (daniellummis/github-actions-self-hosted-risk-audit) from ClawHub.
Skill page: https://clawhub.ai/daniellummis/github-actions-self-hosted-risk-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: bash, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-actions-self-hosted-risk-audit

ClawHub CLI

npx clawhub@latest install github-actions-self-hosted-risk-audit

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
The name/description match the implementation. The script scans workflow YAML files for self-hosted runner patterns and flags trigger/permission/checkout issues. Required binaries (bash, python3) are appropriate and no unrelated credentials or services are requested.
Instruction Scope
Runtime instructions and the included script operate on local files matched by WORKFLOW_GLOB (default .github/workflows/*.y*ml) and only read those files, apply regex checks, and emit reports. There are no instructions to read unrelated system config, exfiltrate data, or call external endpoints. Note: the tool uses regex-based parsing rather than a YAML parser, so it may be brittle and produce false positives/negatives, but that is a functional (not malicious) limitation.
Install Mechanism
No install spec or external downloads — this is instruction-only plus an included shell script. Nothing is pulled from external URLs or written to system locations by an installer.
Credentials
No required environment variables or credentials. Optional env vars control which files to scan and thresholds; they are configuration-only and proportional to the skill's purpose.
Persistence & Privilege
The skill does not request persistent/global privileges (always:false), does not modify other skills or system-wide configs, and does not store credentials. It runs on demand and can be invoked by the user.
Assessment
This skill appears safe to run locally: it only reads workflow YAML files and reports risky patterns, and it does not require API tokens or network access. Before installing/running, review or run the included script on a non-sensitive copy of your repo if you have concerns; note that the tool uses regex-based checks (not a full YAML AST), so expect occasional false positives/negatives. Also be cautious if you override WORKFLOW_GLOB to scan arbitrary paths — the script will read any files you point it at.

Runtime requirements

Bins: bash, python3
Updated 1mo ago
v1.0.0
MIT-0

GitHub Actions Self-Hosted Risk Audit

Use this skill to flag risky workflow patterns when jobs run on self-hosted GitHub Actions runners.

What this skill does

  • Scans workflow YAML files (.github/workflows/*.yml by default)
  • Detects workflows that reference self-hosted runners
  • Flags high-risk trigger combinations (pull_request_target, pull_request, issue_comment)
  • Flags broad/self-hosted-only runner selection (no extra routing labels)
  • Flags workflows with write-capable permissions in self-hosted contexts
  • Flags actions/checkout steps that do not set persist-credentials: false
  • Supports text/json output and CI fail gate
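
The checks listed above, sketched as an added example that is not the skill's own script: a regex-based pass over two constructed workflows, one with every flagged pattern and one hardened. The function name and finding names are hypothetical, and no scoring is modelled.

```python
import re

TRIGGER_RE = re.compile(r"\b(pull_request_target|pull_request|issue_comment)\b")

def audit_workflow(text):
    """Return sorted (hypothetical) finding names for one workflow file."""
    # Inline `runs-on:` values only (scalar or [a, b]); block lists are missed.
    label_sets = [
        {label.strip(" '\"") for label in value.strip("[] \t").split(",")}
        for value in re.findall(r"(?m)^\s*runs-on:[ \t]*(\S.*)$", text)
    ]
    self_hosted = [s for s in label_sets if "self-hosted" in s]
    if not self_hosted:
        return []  # only workflows that reference self-hosted runners are in scope
    findings = set()
    if any(s == {"self-hosted"} for s in self_hosted):
        findings.add("self-hosted-only-labels")
    # Assumes the `on:` block appears before `jobs:`.
    head = text.split("\njobs:", 1)[0]
    findings.update("trigger:" + t for t in TRIGGER_RE.findall(head))
    if re.search(r"(?m)^\s*permissions:[ \t]*write-all\b"
                 r"|^\s*[\w-]+:[ \t]*write[ \t]*$", text):
        findings.add("write-permissions")
    # Each `- ` item is treated as a step; checkout must opt out of persistence.
    for step in re.split(r"(?m)^\s*-\s", text):
        if "actions/checkout@" in step and "persist-credentials: false" not in step:
            findings.add("checkout-persists-credentials")
    return sorted(findings)

# Constructed sample workflows (not the skill's bundled fixtures).
RISKY = """\
on:
  pull_request_target:
permissions: write-all
jobs:
  build:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
"""
HARDENED = """\
on: push
permissions: {contents: read}
jobs:
  build:
    runs-on: [self-hosted, linux, ci-trusted]
    steps:
      - uses: actions/checkout@v4
        with: {persist-credentials: false}
"""
```

Because this is pattern matching rather than YAML parsing, equivalent spellings such as a block-list `runs-on:` or `permissions: {contents: write}` are not detected, the same kind of false negative the scan assessment above notes for regex-based checks.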

Inputs

Optional:

  • WORKFLOW_GLOB (default: .github/workflows/*.y*ml)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • WARN_SCORE (default: 4)
  • CRITICAL_SCORE (default: 8)
  • WORKFLOW_FILE_MATCH / WORKFLOW_FILE_EXCLUDE (regex, optional)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Run

Text report:

WORKFLOW_GLOB='.github/workflows/*.yml' \
WARN_SCORE=4 \
CRITICAL_SCORE=8 \
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh

JSON output + fail gate:

WORKFLOW_GLOB='.github/workflows/*.y*ml' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh

Run against bundled fixtures:

WORKFLOW_GLOB='skills/github-actions-self-hosted-risk-audit/fixtures/*.y*ml' \
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh

Output contract

  • Exit 0 in reporting mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more workflows are critical
  • Text mode prints summary + top flagged workflows
  • JSON mode prints summary + flagged workflows + critical workflows
