Risk score

94/100 (Very Low)

OpenClaw: benign
VirusTotal: benign
StaticScan: unknown

GitHub Actions Self-Hosted Risk Audit

Author: Daniel Lummis
Slug: github-actions-self-hosted-risk-audit
Version: 1.0.0
Updated: 2026-03-08 09:07:55
Risk information

OpenClaw: benign

OpenClaw analysis summary (preview of the first 200 characters)
This skill is internally consistent: it scans local GitHub Actions workflow YAML files for self-hosted-runner risks, requires only bash/python3, does not ask for credentials or perform network access,...

[Content truncated]

VirusTotal: benign (VT report)

Static scan: unknown

README

README not provided

File list

No file information

Raw JSON data
{
    "latestVersion": {
        "_creationTime": 1772932067317,
        "_id": "k97fs77g9hq23bjbetstanxht982gs0c",
        "changelog": "Initial release of github-actions-self-hosted-risk-audit.\n\n- Scans GitHub Actions workflows for use of self-hosted runners and flags risky configurations.\n- Detects dangerous trigger combinations, privilege escalation, overly broad runner selection, and insecure checkout steps.\n- Supports customizable input options including file glob, output format (text\/json), scoring thresholds, and CI fail gating.\n- Outputs either a summary report or detailed JSON, and can fail CI on critical findings.",
        "changelogSource": "auto",
        "createdAt": 1772932067317,
        "parsed": {
            "clawdis": {
                "requires": {
                    "bins": [
                        "bash",
                        "python3"
                    ]
                }
            }
        },
        "version": "1.0.0"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "Daniel Lummis",
        "handle": "daniellummis",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/65238171?v=4",
        "kind": "user",
        "linkedUserId": "kn74qp31gs45fmt9eg7jbc4r6n828jdj"
    },
    "ownerHandle": "daniellummis",
    "skill": {
        "_creationTime": 1772932067317,
        "_id": "kd7e0vqfzxaw8fr5qqq8dpysyn82hn3p",
        "badges": [],
        "createdAt": 1772932067317,
        "displayName": "GitHub Actions Self-Hosted Risk Audit",
        "latestVersionId": "k97fs77g9hq23bjbetstanxht982gs0c",
        "ownerUserId": "kn74qp31gs45fmt9eg7jbc4r6n828jdj",
        "slug": "github-actions-self-hosted-risk-audit",
        "stats": {
            "comments": 0,
            "downloads": 163,
            "installsAllTime": 0,
            "installsCurrent": 0,
            "stars": 0,
            "versions": 1
        },
        "summary": "Audit GitHub Actions workflows that use self-hosted runners for untrusted trigger and credential-hardening risks.",
        "tags": {
            "latest": "k97fs77g9hq23bjbetstanxht982gs0c"
        },
        "updatedAt": 1772932075882
    }
}