GitHub Actions Audit

authHTTPregistry active

Summary

This server audits GitHub Actions workflow YAML files for 21 supply chain vulnerabilities, from script injection and secret leaks to the pull_request_target exploitation pattern that bit codecov and tj-actions. You can paste workflow content directly or pass a raw GitHub URL, then get back structured findings with severity, exact step location, and fix snippets. Use audit_workflow() to run all checks or narrow to check_secrets(), check_permissions(), check_action_pinning(), and four others. It catches patterns like unpinned actions on mutable tags, GITHUB_TOKEN write-all grants, and untrusted github.event interpolation. Runs on Apify with pay-per-event billing at two cents per audit call. Built by Unbearable Labs alongside sibling auditors for Dockerfiles and docker-compose files.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

GitHub Actions Security Audit

MCP server that audits .github/workflows/*.yml files for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, and pull_request_target foot-guns — the patterns behind several 2024–2025 supply-chain incidents.

Built by Unbearable Labs. Pay-per-event — only billed when a tool is actually called.

Available on

Apify Actor Store — primary, metered usage (PPE)
MCPize — pending submission
MCP.so — pending submission
PulseMCP — pending submission
Smithery — pending submission
Glama — pending submission

Newsletter: Unbearable TechTips Weekly · All Actors: github.com/UnbearableDev

What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a workflow YAML, and get back structured findings with:

Severity — critical / high / medium / low / info
Affected job and step — exact location of the problem
Description — why it matters, with the actual attack vector
Remediation — what to do about it
Fix snippet — YAML you can paste directly

Tools

Tool	Purpose
`audit_workflow(workflow_yaml? \| workflow_url?, min_severity='low')`	Run all checks
`check_secrets(...)`	Secret-leakage paths only
`check_permissions(...)`	`GITHUB_TOKEN` scope issues only
`check_action_pinning(...)`	Action version-pinning only
`check_runner_security(...)`	Self-hosted runner + script injection
`check_workflow_config(...)`	Timeout / config hygiene
`check_supply_chain_advanced(...)`	TeamPCP-class supply-chain patterns (GHA-201..208)
`list_checks(category?)`	Browse the catalog

Provide exactly one of workflow_yaml (paste the content) or workflow_url (HTTPS URL — typically a GitHub raw URL to a specific workflow file).

Check catalog (v2: 21 checks)

ID	Category	Severity	Title
GHA-001	secrets	high	Secret interpolated directly into `run:` script
GHA-002	secrets	high	Secret printed via echo / set-output
GHA-003	secrets	medium	Secret used in `if:` condition
GHA-004	secrets	high	Hardcoded credential pattern in `env:`
GHA-010	permissions	high	`permissions: write-all` granted
GHA-011	permissions	medium	No top-level `permissions:` (inherits broad default)
GHA-013	permissions	high	`pull_request_target` + checkout PR head = PWNing pattern
GHA-020	action_pinning	high	Third-party action pinned to mutable tag
GHA-021	action_pinning	high	Third-party action pinned to mutable branch
GHA-022	action_pinning	medium	First-party action not SHA-pinned
GHA-030	runner_security	medium	Self-hosted runner used on `pull_request` from forks
GHA-032	runner_security	high	Script injection via untrusted `github.event.*` interpolation
GHA-040	workflow_config	low	No `timeout-minutes` on job
GHA-201	supply_chain_advanced	high	Action pinned to unpinned branch ref (TeamPCP-class: @main/@master)
GHA-202	supply_chain_advanced	high	Action pinned to mutable tag — SHA pin recommended
GHA-203	supply_chain_advanced	critical	`pull_request_target` + checkout of PR head SHA/ref (codecov/tj-actions exploitation path)
GHA-204	supply_chain_advanced	high	Script injection via `github.event.*` user-controlled field in `run:`
GHA-205	supply_chain_advanced	medium	Action from non-allowlisted owner (untrusted 3rd-party)
GHA-206	supply_chain_advanced	high	Top-level `permissions: write-all` or `contents: write` without per-job scoping
GHA-207	supply_chain_advanced	medium	Secret logged via `echo` / `cat` in `run:` block
GHA-208	supply_chain_advanced	low	Action uses a known-retired tag

Pricing

Event	USD
Any audit / check_* tool call	$0.02
`list_checks` discovery	$0.005

Connecting from Claude Desktop

{
  "mcpServers": {
    "gha-audit": {
      "transport": "streamable-http",
      "url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
    }
  }
}

Sibling MCPs from Unbearable Labs

docker-compose-audit — docker-compose.yml security audit
dockerfile-audit — Dockerfile security & quality
hu-postcode-validator — Hungarian postcode lookup

What's NOT covered (yet)

Reusable workflow auditing (multi-file resolution)
CodeQL-grade dataflow tracking
Marketplace-listed action reputation scoring

Source / contact

Source: github.com/UnbearableDev/github-actions-audit. Issues + ideas: unbearabledev@gmail.com.

📬 Built by Noel @ Unbearable Labs. More MCP servers + audit tips in the newsletter: https://unbearabletechtips.beehiiv.com

GitHub Actions Audit

GitHub Actions Audit

GitHub Actions Security Audit

Available on

What it does

Tools

Check catalog (v2: 21 checks)

Pricing

Connecting from Claude Desktop

Sibling MCPs from Unbearable Labs

What's NOT covered (yet)

Source / contact

Related Developer Tools MCP Servers

GitHub Actions Security Audit

Available on

What it does

Tools

Check catalog (v2: 21 checks)

Pricing

Connecting from Claude Desktop

Sibling MCPs from Unbearable Labs

What's NOT covered (yet)

Source / contact

Related Developer Tools MCP Servers