Odel
GitHub Actions Audit

GitHub Actions Audit

@unbearabledevDeveloper ToolsPythonUpdated 1w ago

GitHub Actions workflow security audit - 21 checks: pinning, permissions, secrets, injection.

View on GitHubSign in to connect
Server endpointStreamable HTTP
https://unbearable-dev--github-actions-audit.apify.actor/mcp

This is the third-party server itself — Odel doesn't run it. Hitting this URL directly talks straight to the upstream server with no auth or proxying. Connect through Odel to front it with managed auth.

GitHub Actions Security Audit

MCP server that audits .github/workflows/*.yml files for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, and pull_request_target foot-guns — the patterns behind several 2024–2025 supply-chain incidents.

Built by Unbearable Labs. Pay-per-event — only billed when a tool is actually called.

Available on

  • Apify Actor Store — primary, metered usage (PPE)
  • MCPize — pending submission
  • MCP.so — pending submission
  • PulseMCP — pending submission
  • Smithery — pending submission
  • Glama — pending submission

Newsletter: Unbearable TechTips Weekly · All Actors: github.com/UnbearableDev

What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a workflow YAML, and get back structured findings with:

  • Severity — critical / high / medium / low / info
  • Affected job and step — exact location of the problem
  • Description — why it matters, with the actual attack vector
  • Remediation — what to do about it
  • Fix snippet — YAML you can paste directly

Tools

ToolPurpose
audit_workflow(workflow_yaml? | workflow_url?, min_severity='low')Run all checks
check_secrets(...)Secret-leakage paths only
check_permissions(...)GITHUB_TOKEN scope issues only
check_action_pinning(...)Action version-pinning only
check_runner_security(...)Self-hosted runner + script injection
check_workflow_config(...)Timeout / config hygiene
check_supply_chain_advanced(...)TeamPCP-class supply-chain patterns (GHA-201..208)
list_checks(category?)Browse the catalog

Provide exactly one of workflow_yaml (paste the content) or workflow_url (HTTPS URL — typically a GitHub raw URL to a specific workflow file).

Check catalog (v2: 21 checks)

IDCategorySeverityTitle
GHA-001secretshighSecret interpolated directly into run: script
GHA-002secretshighSecret printed via echo / set-output
GHA-003secretsmediumSecret used in if: condition
GHA-004secretshighHardcoded credential pattern in env:
GHA-010permissionshighpermissions: write-all granted
GHA-011permissionsmediumNo top-level permissions: (inherits broad default)
GHA-013permissionshighpull_request_target + checkout PR head = PWNing pattern
GHA-020action_pinninghighThird-party action pinned to mutable tag
GHA-021action_pinninghighThird-party action pinned to mutable branch
GHA-022action_pinningmediumFirst-party action not SHA-pinned
GHA-030runner_securitymediumSelf-hosted runner used on pull_request from forks
GHA-032runner_securityhighScript injection via untrusted github.event.* interpolation
GHA-040workflow_configlowNo timeout-minutes on job
GHA-201supply_chain_advancedhighAction pinned to unpinned branch ref (TeamPCP-class: @main/@master)
GHA-202supply_chain_advancedhighAction pinned to mutable tag — SHA pin recommended
GHA-203supply_chain_advancedcriticalpull_request_target + checkout of PR head SHA/ref (codecov/tj-actions exploitation path)
GHA-204supply_chain_advancedhighScript injection via github.event.* user-controlled field in run:
GHA-205supply_chain_advancedmediumAction from non-allowlisted owner (untrusted 3rd-party)
GHA-206supply_chain_advancedhighTop-level permissions: write-all or contents: write without per-job scoping
GHA-207supply_chain_advancedmediumSecret logged via echo / cat in run: block
GHA-208supply_chain_advancedlowAction uses a known-retired tag

Pricing

EventUSD
Any audit / check_* tool call$0.02
list_checks discovery$0.005

Connecting from Claude Desktop

{
  "mcpServers": {
    "gha-audit": {
      "transport": "streamable-http",
      "url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
    }
  }
}

Sibling MCPs from Unbearable Labs

What's NOT covered (yet)

  • Reusable workflow auditing (multi-file resolution)
  • CodeQL-grade dataflow tracking
  • Marketplace-listed action reputation scoring

Source / contact

Source: github.com/UnbearableDev/github-actions-audit. Issues + ideas: unbearabledev@gmail.com.

📬 Built by Noel @ Unbearable Labs. More MCP servers + audit tips in the newsletter: https://unbearabletechtips.beehiiv.com