# GitHub Actions Security Audit (`unbearable_dev/github-actions-audit`) Actor

Audits .github/workflows/\*.yml for supply-chain risks: script injection, leaked tokens, unpinned actions, broad permissions, pull\_request\_target pitfalls. MCP-native - call from Claude Desktop, Cursor, n8n, or any MCP client. Pay-per-event. Built by Unbearable Labs.

- **URL**: https://apify.com/unbearable_dev/github-actions-audit.md
- **Developed by:** [Noel Himer](https://apify.com/unbearable_dev) (community)
- **Categories:** Developer tools, Automation, MCP servers
- **Stats:** 1 total users, 1 monthly users, 0.0% runs succeeded, 0 bookmarks
- **User rating**: No ratings yet

## Pricing

from $20.00 / 1,000 github actions audit calls

This Actor is paid per event and usage. You are charged both the fixed price for specific events and for Apify platform usage.

Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event

## What's an Apify Actor?

Actors are software tools running on the Apify platform, built for all kinds of web data extraction and automation use cases.
In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours,
and optionally produces a well-defined JSON output, datasets with results, or files in key-value store.
In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server.
Actors are written with capital "A".

## How to integrate an Actor?

If asked about integration, you help developers integrate Actors into their projects.
You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready.
The best way to integrate Actors is as follows.

In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md):

```bash
npm install apify-client
```

In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md):

```bash
pip install apify-client
```

In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md):

```bash
# MacOS / Linux
curl -fsSL https://apify.com/install-cli.sh | bash
# Windows
irm https://apify.com/install-cli.ps1 | iex
```

In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md).

If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md).

For usage examples, see the [API](#api) section below.

For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt).


# README

## GitHub Actions Security Audit

> MCP server that audits `.github/workflows/*.yml` files for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, and `pull_request_target` foot-guns — the patterns behind several 2024-2025 supply-chain incidents.

**Built by [Unbearable Labs](https://github.com/UnbearableDev). Free to use — bring your own Apify token.**

---

### Available on

- [Apify Actor Store](https://apify.com/unbearable_dev/github-actions-audit) — primary
- [Smithery](https://smithery.ai/servers/unbearabledev/github-actions-audit)

**Newsletter:** [Unbearable TechTips Weekly](https://unbearabletechtips.beehiiv.com) · **All Actors:** [github.com/UnbearableDev](https://github.com/UnbearableDev)

### What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a workflow YAML, and get back structured findings with:

- **Severity** — critical / high / medium / low / info
- **Affected job and step** — exact location of the problem
- **Description** — why it matters, with the actual attack vector
- **Remediation** — what to do about it
- **Fix snippet** — YAML you can paste directly

### Tools

| Tool | Purpose |
|------|---------|
| `audit_workflow(workflow_yaml? \| workflow_url?, min_severity='low')` | Run all checks |
| `check_secrets(...)` | Secret-leakage paths only |
| `check_permissions(...)` | `GITHUB_TOKEN` scope issues only |
| `check_action_pinning(...)` | Action version-pinning only |
| `check_runner_security(...)` | Self-hosted runner + script injection |
| `check_workflow_config(...)` | Timeout / config hygiene |
| `check_supply_chain_advanced(...)` | TeamPCP-class supply-chain patterns (GHA-201..208) |
| `list_checks(category?)` | Browse the catalog |

Provide exactly one of `workflow_yaml` (paste the content) or `workflow_url` (HTTPS URL — typically a GitHub raw URL to a specific workflow file).

### Example

Input:
```yaml
on:
  pull_request_target:
    types: [opened]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v35
      - name: Echo title
        run: echo "${{ github.event.pull_request.title }}"
```

Output:

```json
[
  {
    "check_id": "GHA-203",
    "severity": "critical",
    "job": "build",
    "step": null,
    "message": "'pull_request_target' + checkout of PR head SHA — grants write-token access to untrusted code",
    "remediation": "Use 'pull_request' trigger instead, or do not check out the PR head when using pull_request_target"
  },
  {
    "check_id": "GHA-201",
    "severity": "high",
    "job": "build",
    "step": null,
    "message": "Third-party action 'tj-actions/changed-files' pinned to mutable semver tag '@v35'",
    "remediation": "Pin to a full commit SHA: 'tj-actions/changed-files@<40-char-sha>  # v35'"
  },
  {
    "check_id": "GHA-204",
    "severity": "high",
    "job": "build",
    "step": "Echo title",
    "message": "PR title interpolated into 'run:' — attacker can inject shell commands via crafted PR title",
    "remediation": "Move to an env var and reference $PR_TITLE in the run step"
  }
]
```

### Check catalog (v2: 21 checks)

| ID | Category | Severity | Title |
|----|----------|----------|-------|
| GHA-001 | secrets | high | Secret interpolated directly into `run:` script |
| GHA-002 | secrets | high | Secret printed via echo / set-output |
| GHA-003 | secrets | medium | Secret used in `if:` condition |
| GHA-004 | secrets | high | Hardcoded credential pattern in `env:` |
| GHA-010 | permissions | high | `permissions: write-all` granted |
| GHA-011 | permissions | medium | No top-level `permissions:` (inherits broad default) |
| GHA-013 | permissions | high | `pull_request_target` + checkout PR head = PWNing pattern |
| GHA-020 | action\_pinning | high | Third-party action pinned to mutable tag |
| GHA-021 | action\_pinning | high | Third-party action pinned to mutable branch |
| GHA-022 | action\_pinning | medium | First-party action not SHA-pinned |
| GHA-030 | runner\_security | medium | Self-hosted runner used on `pull_request` from forks |
| GHA-032 | runner\_security | high | Script injection via untrusted `github.event.*` interpolation |
| GHA-040 | workflow\_config | low | No `timeout-minutes` on job |
| GHA-201 | supply\_chain\_advanced | high | Action pinned to unpinned branch ref (@main/@master) |
| GHA-202 | supply\_chain\_advanced | high | Action pinned to mutable tag — SHA pin recommended |
| GHA-203 | supply\_chain\_advanced | critical | `pull_request_target` + checkout of PR head SHA/ref (codecov/tj-actions exploitation path) |
| GHA-204 | supply\_chain\_advanced | high | Script injection via `github.event.*` user-controlled field in `run:` |
| GHA-205 | supply\_chain\_advanced | medium | Action from non-allowlisted owner (untrusted 3rd-party) |
| GHA-206 | supply\_chain\_advanced | high | Top-level `permissions: write-all` or `contents: write` without per-job scoping |
| GHA-207 | supply\_chain\_advanced | medium | Secret logged via `echo` / `cat` in `run:` block |
| GHA-208 | supply\_chain\_advanced | low | Action uses a known-retired tag |

### Pricing

Free to use — hosted on Apify, bring your own Apify token.

### Connecting from Claude Desktop

```json
{
  "mcpServers": {
    "gha-audit": {
      "transport": "streamable-http",
      "url": "https://unbearable-dev--github-actions-audit.apify.actor/mcp",
      "headers": { "Authorization": "Bearer <YOUR_APIFY_TOKEN>" }
    }
  }
}
```

### Sibling MCPs from Unbearable Labs

- **[`docker-compose-audit`](https://apify.com/unbearable_dev/docker-compose-audit)** — `docker-compose.yml` security audit
- **[`dockerfile-audit`](https://apify.com/unbearable_dev/dockerfile-audit)** — Dockerfile security & quality
- **[`k8s-manifest-audit`](https://apify.com/unbearable_dev/k8s-manifest-audit)** — Kubernetes manifest audit
- **[`hu-postcode-validator`](https://apify.com/unbearable_dev/hu-postcode-validator)** — Hungarian postcode lookup

### What's NOT covered (yet)

- Reusable workflow auditing (multi-file resolution)
- CodeQL-grade dataflow tracking
- Marketplace-listed action reputation scoring

### Source / contact

Source: [github.com/UnbearableDev/github-actions-audit](https://github.com/UnbearableDev/github-actions-audit).
Issues + ideas: `unbearabledev@gmail.com`.

***

Built by Noel @ Unbearable Labs — more like this in the weekly newsletter: https://unbearabletechtips.beehiiv.com

# Actor input Schema

## Actor input object example

```json
{}
```

# API

You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup.

## JavaScript example

```javascript
import { ApifyClient } from 'apify-client';

// Initialize the ApifyClient with your Apify API token
// Replace the '<YOUR_API_TOKEN>' with your token
const client = new ApifyClient({
    token: '<YOUR_API_TOKEN>',
});

// Prepare Actor input
const input = {};

// Run the Actor and wait for it to finish
const run = await client.actor("unbearable_dev/github-actions-audit").call(input);

// Fetch and print Actor results from the run's dataset (if any)
console.log('Results from dataset');
console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`);
const { items } = await client.dataset(run.defaultDatasetId).listItems();
items.forEach((item) => {
    console.dir(item);
});

// 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs
```

## Python example

```python
from apify_client import ApifyClient

# Initialize the ApifyClient with your Apify API token
# Replace '<YOUR_API_TOKEN>' with your token.
client = ApifyClient("<YOUR_API_TOKEN>")

# Prepare the Actor input
run_input = {}

# Run the Actor and wait for it to finish
run = client.actor("unbearable_dev/github-actions-audit").call(run_input=run_input)

# Fetch and print Actor results from the run's dataset (if there are any)
print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"])
for item in client.dataset(run["defaultDatasetId"]).iterate_items():
    print(item)

# 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start
```

## CLI example

```bash
echo '{}' |
apify call unbearable_dev/github-actions-audit --silent --output-dataset
```

## MCP server setup

```json
{
    "mcpServers": {
        "apify": {
            "command": "npx",
            "args": [
                "mcp-remote",
                "https://mcp.apify.com/?tools=unbearable_dev/github-actions-audit",
                "--header",
                "Authorization: Bearer <YOUR_API_TOKEN>"
            ]
        }
    }
}
```

## OpenAPI specification

```json
{
    "openapi": "3.0.1",
    "info": {
        "title": "GitHub Actions Security Audit",
        "description": "Audits .github/workflows/*.yml for supply-chain risks: script injection, leaked tokens, unpinned actions, broad permissions, pull_request_target pitfalls. MCP-native - call from Claude Desktop, Cursor, n8n, or any MCP client. Pay-per-event. Built by Unbearable Labs.",
        "version": "0.2",
        "x-build-id": "moNQfWPRFJPDd2Jiw"
    },
    "servers": [
        {
            "url": "https://api.apify.com/v2"
        }
    ],
    "paths": {
        "/acts/unbearable_dev~github-actions-audit/run-sync-get-dataset-items": {
            "post": {
                "operationId": "run-sync-get-dataset-items-unbearable_dev-github-actions-audit",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        },
        "/acts/unbearable_dev~github-actions-audit/runs": {
            "post": {
                "operationId": "runs-sync-unbearable_dev-github-actions-audit",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor and returns information about the initiated run in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/runsResponseSchema"
                                }
                            }
                        }
                    }
                }
            }
        },
        "/acts/unbearable_dev~github-actions-audit/run-sync": {
            "post": {
                "operationId": "run-sync-unbearable_dev-github-actions-audit",
                "x-openai-isConsequential": false,
                "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.",
                "tags": [
                    "Run Actor"
                ],
                "requestBody": {
                    "required": true,
                    "content": {
                        "application/json": {
                            "schema": {
                                "$ref": "#/components/schemas/inputSchema"
                            }
                        }
                    }
                },
                "parameters": [
                    {
                        "name": "token",
                        "in": "query",
                        "required": true,
                        "schema": {
                            "type": "string"
                        },
                        "description": "Enter your Apify token here"
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK"
                    }
                }
            }
        }
    },
    "components": {
        "schemas": {
            "inputSchema": {
                "type": "object",
                "properties": {}
            },
            "runsResponseSchema": {
                "type": "object",
                "properties": {
                    "data": {
                        "type": "object",
                        "properties": {
                            "id": {
                                "type": "string"
                            },
                            "actId": {
                                "type": "string"
                            },
                            "userId": {
                                "type": "string"
                            },
                            "startedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "finishedAt": {
                                "type": "string",
                                "format": "date-time",
                                "example": "2025-01-08T00:00:00.000Z"
                            },
                            "status": {
                                "type": "string",
                                "example": "READY"
                            },
                            "meta": {
                                "type": "object",
                                "properties": {
                                    "origin": {
                                        "type": "string",
                                        "example": "API"
                                    },
                                    "userAgent": {
                                        "type": "string"
                                    }
                                }
                            },
                            "stats": {
                                "type": "object",
                                "properties": {
                                    "inputBodyLen": {
                                        "type": "integer",
                                        "example": 2000
                                    },
                                    "rebootCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "restartCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "resurrectCount": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "computeUnits": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "options": {
                                "type": "object",
                                "properties": {
                                    "build": {
                                        "type": "string",
                                        "example": "latest"
                                    },
                                    "timeoutSecs": {
                                        "type": "integer",
                                        "example": 300
                                    },
                                    "memoryMbytes": {
                                        "type": "integer",
                                        "example": 1024
                                    },
                                    "diskMbytes": {
                                        "type": "integer",
                                        "example": 2048
                                    }
                                }
                            },
                            "buildId": {
                                "type": "string"
                            },
                            "defaultKeyValueStoreId": {
                                "type": "string"
                            },
                            "defaultDatasetId": {
                                "type": "string"
                            },
                            "defaultRequestQueueId": {
                                "type": "string"
                            },
                            "buildNumber": {
                                "type": "string",
                                "example": "1.0.0"
                            },
                            "containerUrl": {
                                "type": "string"
                            },
                            "usage": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "integer",
                                        "example": 1
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            },
                            "usageTotalUsd": {
                                "type": "number",
                                "example": 0.00005
                            },
                            "usageUsd": {
                                "type": "object",
                                "properties": {
                                    "ACTOR_COMPUTE_UNITS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATASET_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "KEY_VALUE_STORE_WRITES": {
                                        "type": "number",
                                        "example": 0.00005
                                    },
                                    "KEY_VALUE_STORE_LISTS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_READS": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "REQUEST_QUEUE_WRITES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_INTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "DATA_TRANSFER_EXTERNAL_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_RESIDENTIAL_TRANSFER_GBYTES": {
                                        "type": "integer",
                                        "example": 0
                                    },
                                    "PROXY_SERPS": {
                                        "type": "integer",
                                        "example": 0
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```
