MCP server that audits
.github/workflows/*.ymlfiles for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, andpull_request_targetfoot-guns — the patterns behind several 2024–2025 supply-chain incidents.
Built by Unbearable Labs. Pay-per-event — only billed when a tool is actually called.
- Apify Actor Store — primary, metered usage (PPE)
- MCPize — pending submission
- MCP.so — pending submission
- PulseMCP — pending submission
- Smithery — pending submission
- Glama — pending submission
Newsletter: Unbearable TechTips Weekly · All Actors: github.com/UnbearableDev
Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a workflow YAML, and get back structured findings with:
- Severity — critical / high / medium / low / info
- Affected job and step — exact location of the problem
- Description — why it matters, with the actual attack vector
- Remediation — what to do about it
- Fix snippet — YAML you can paste directly
| Tool | Purpose |
|---|---|
audit_workflow(workflow_yaml? | workflow_url?, min_severity='low') |
Run all checks |
check_secrets(...) |
Secret-leakage paths only |
check_permissions(...) |
GITHUB_TOKEN scope issues only |
check_action_pinning(...) |
Action version-pinning only |
check_runner_security(...) |
Self-hosted runner + script injection |
check_workflow_config(...) |
Timeout / config hygiene |
check_supply_chain_advanced(...) |
TeamPCP-class supply-chain patterns (GHA-201..208) |
list_checks(category?) |
Browse the catalog |
Provide exactly one of workflow_yaml (paste the content) or workflow_url (HTTPS URL — typically a GitHub raw URL to a specific workflow file).
| ID | Category | Severity | Title |
|---|---|---|---|
| GHA-001 | secrets | high | Secret interpolated directly into run: script |
| GHA-002 | secrets | high | Secret printed via echo / set-output |
| GHA-003 | secrets | medium | Secret used in if: condition |
| GHA-004 | secrets | high | Hardcoded credential pattern in env: |
| GHA-010 | permissions | high | permissions: write-all granted |
| GHA-011 | permissions | medium | No top-level permissions: (inherits broad default) |
| GHA-013 | permissions | high | pull_request_target + checkout PR head = PWNing pattern |
| GHA-020 | action_pinning | high | Third-party action pinned to mutable tag |
| GHA-021 | action_pinning | high | Third-party action pinned to mutable branch |
| GHA-022 | action_pinning | medium | First-party action not SHA-pinned |
| GHA-030 | runner_security | medium | Self-hosted runner used on pull_request from forks |
| GHA-032 | runner_security | high | Script injection via untrusted github.event.* interpolation |
| GHA-040 | workflow_config | low | No timeout-minutes on job |
| GHA-201 | supply_chain_advanced | high | Action pinned to unpinned branch ref (TeamPCP-class: @main/@master) |
| GHA-202 | supply_chain_advanced | high | Action pinned to mutable tag — SHA pin recommended |
| GHA-203 | supply_chain_advanced | critical | pull_request_target + checkout of PR head SHA/ref (codecov/tj-actions exploitation path) |
| GHA-204 | supply_chain_advanced | high | Script injection via github.event.* user-controlled field in run: |
| GHA-205 | supply_chain_advanced | medium | Action from non-allowlisted owner (untrusted 3rd-party) |
| GHA-206 | supply_chain_advanced | high | Top-level permissions: write-all or contents: write without per-job scoping |
| GHA-207 | supply_chain_advanced | medium | Secret logged via echo / cat in run: block |
| GHA-208 | supply_chain_advanced | low | Action uses a known-retired tag |
| Event | USD |
|---|---|
| Any audit / check_* tool call | $0.02 |
list_checks discovery |
$0.005 |
{
"mcpServers": {
"gha-audit": {
"transport": "streamable-http",
"url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
}
}
}docker-compose-audit—docker-compose.ymlsecurity auditdockerfile-audit— Dockerfile security & qualityhu-postcode-validator— Hungarian postcode lookup
- Reusable workflow auditing (multi-file resolution)
- CodeQL-grade dataflow tracking
- Marketplace-listed action reputation scoring
Source: github.com/UnbearableDev/github-actions-audit.
Issues + ideas: unbearabledev@gmail.com.