Command Palette

Search for a command to run...

UnylyUnyly
Browse all

GitHub Actions Audit

FreeNot checked

GitHub Actions workflow security audit - 21 checks: pinning, permissions, secrets, injection.

GitHubEmbed

About

GitHub Actions workflow security audit - 21 checks: pinning, permissions, secrets, injection.

README

MCP server that audits .github/workflows/*.yml files for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, and pull_request_target foot-guns — the patterns behind several 2024–2025 supply-chain incidents.

Built by Unbearable Labs. Pay-per-event — only billed when a tool is actually called.


Available on

  • Apify Actor Store — primary, metered usage (PPE)
  • MCPize — pending submission
  • MCP.so — pending submission
  • PulseMCP — pending submission
  • Smithery — pending submission
  • Glama — pending submission

Newsletter: Unbearable TechTips Weekly · All Actors: github.com/UnbearableDev

What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a workflow YAML, and get back structured findings with:

  • Severity — critical / high / medium / low / info
  • Affected job and step — exact location of the problem
  • Description — why it matters, with the actual attack vector
  • Remediation — what to do about it
  • Fix snippet — YAML you can paste directly

Tools

Tool Purpose
audit_workflow(workflow_yaml? | workflow_url?, min_severity='low') Run all checks
check_secrets(...) Secret-leakage paths only
check_permissions(...) GITHUB_TOKEN scope issues only
check_action_pinning(...) Action version-pinning only
check_runner_security(...) Self-hosted runner + script injection
check_workflow_config(...) Timeout / config hygiene
check_supply_chain_advanced(...) TeamPCP-class supply-chain patterns (GHA-201..208)
list_checks(category?) Browse the catalog

Provide exactly one of workflow_yaml (paste the content) or workflow_url (HTTPS URL — typically a GitHub raw URL to a specific workflow file).

Check catalog (v2: 21 checks)

ID Category Severity Title
GHA-001 secrets high Secret interpolated directly into run: script
GHA-002 secrets high Secret printed via echo / set-output
GHA-003 secrets medium Secret used in if: condition
GHA-004 secrets high Hardcoded credential pattern in env:
GHA-010 permissions high permissions: write-all granted
GHA-011 permissions medium No top-level permissions: (inherits broad default)
GHA-013 permissions high pull_request_target + checkout PR head = PWNing pattern
GHA-020 action_pinning high Third-party action pinned to mutable tag
GHA-021 action_pinning high Third-party action pinned to mutable branch
GHA-022 action_pinning medium First-party action not SHA-pinned
GHA-030 runner_security medium Self-hosted runner used on pull_request from forks
GHA-032 runner_security high Script injection via untrusted github.event.* interpolation
GHA-040 workflow_config low No timeout-minutes on job
GHA-201 supply_chain_advanced high Action pinned to unpinned branch ref (TeamPCP-class: @main/@master)
GHA-202 supply_chain_advanced high Action pinned to mutable tag — SHA pin recommended
GHA-203 supply_chain_advanced critical pull_request_target + checkout of PR head SHA/ref (codecov/tj-actions exploitation path)
GHA-204 supply_chain_advanced high Script injection via github.event.* user-controlled field in run:
GHA-205 supply_chain_advanced medium Action from non-allowlisted owner (untrusted 3rd-party)
GHA-206 supply_chain_advanced high Top-level permissions: write-all or contents: write without per-job scoping
GHA-207 supply_chain_advanced medium Secret logged via echo / cat in run: block
GHA-208 supply_chain_advanced low Action uses a known-retired tag

Pricing

Event USD
Any audit / check_* tool call $0.02
list_checks discovery $0.005

Connecting from Claude Desktop

{
  "mcpServers": {
    "gha-audit": {
      "transport": "streamable-http",
      "url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
    }
  }
}

Sibling MCPs from Unbearable Labs

What's NOT covered (yet)

  • Reusable workflow auditing (multi-file resolution)
  • CodeQL-grade dataflow tracking
  • Marketplace-listed action reputation scoring

Source / contact

Source: github.com/UnbearableDev/github-actions-audit. Issues + ideas: [email protected].


📬 Built by Noel @ Unbearable Labs. More MCP servers + audit tips in the newsletter: https://unbearabletechtips.beehiiv.com

from github.com/UnbearableDev/github-actions-audit

Installing GitHub Actions Audit

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/UnbearableDev/github-actions-audit

FAQ

Is GitHub Actions Audit MCP free?

Yes, GitHub Actions Audit MCP is free — one-click install via Unyly at no cost.

Does GitHub Actions Audit need an API key?

No, GitHub Actions Audit runs without API keys or environment variables.

Is GitHub Actions Audit hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install GitHub Actions Audit in Claude Desktop, Claude Code or Cursor?

Open GitHub Actions Audit on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare GitHub Actions Audit with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs