📦
审计历史
github-workflow-automation - 6 审计
审计版本 6
最新 低风险Jan 21, 2026, 06:36 PM
This skill provides legitimate GitHub Actions workflow automation capabilities. Static analysis detected 192 potential issues, but comprehensive review confirms these are false positives. The external commands are expected for GitHub CLI and npm tooling. All network access is to official GitHub documentation. No malicious patterns or security vulnerabilities were identified.
2
已扫描文件
2,933
分析行数
2
发现项
claude
审计者
低风险问题 (1)
External Command Execution in Workflow Templates
The skill provides templates and examples that execute external commands via npx, gh CLI, and bash. This is the intended functionality for a GitHub Actions automation skill. All commands are documented examples for legitimate GitHub workflow operations including CI/CD, testing, and deployment automation.
风险因素
⚙️ 外部命令 (3)
审计版本 5
中风险Jan 17, 2026, 03:41 AM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
2
已扫描文件
1,332
分析行数
4
发现项
claude
审计者
未发现安全问题
风险因素
📁 文件系统访问 (5)
⚙️ 外部命令 (138)
SKILL.md:37-43 SKILL.md:43-46 SKILL.md:46-56 SKILL.md:56-74 SKILL.md:74-78 SKILL.md:78-86 SKILL.md:86-92 SKILL.md:92-100 SKILL.md:100-104 SKILL.md:104-112 SKILL.md:112-116 SKILL.md:116-124 SKILL.md:124-128 SKILL.md:128-136 SKILL.md:136-142 SKILL.md:142-150 SKILL.md:150-154 SKILL.md:154-162 SKILL.md:162-168 SKILL.md:168-178 SKILL.md:178-201 SKILL.md:201-204 SKILL.md:204-226 SKILL.md:226-229 SKILL.md:229-256 SKILL.md:256-259 SKILL.md:259-275 SKILL.md:275-278 SKILL.md:278-301 SKILL.md:301-304 SKILL.md:304-319 SKILL.md:319-322 SKILL.md:322-342 SKILL.md:342-345 SKILL.md:345-363 SKILL.md:363-373 SKILL.md:373-380 SKILL.md:380-383 SKILL.md:383-389 SKILL.md:389-392 SKILL.md:392-398 SKILL.md:398-401 SKILL.md:401-407 SKILL.md:407-419 SKILL.md:419-427 SKILL.md:427-430 SKILL.md:430-448 SKILL.md:448-451 SKILL.md:451-457 SKILL.md:457-467 SKILL.md:467-473 SKILL.md:473-476 SKILL.md:476-482 SKILL.md:482-485 SKILL.md:485-491 SKILL.md:491-501 SKILL.md:501-526 SKILL.md:526-538 SKILL.md:538-557 SKILL.md:557-560 SKILL.md:560-575 SKILL.md:575-585 SKILL.md:585-598 SKILL.md:598-610 SKILL.md:610-627 SKILL.md:627-630 SKILL.md:630-636 SKILL.md:636-639 SKILL.md:639-646 SKILL.md:646-649 SKILL.md:649-661 SKILL.md:661-671 SKILL.md:671-678 SKILL.md:678-681 SKILL.md:681-691 SKILL.md:691-694 SKILL.md:694-699 SKILL.md:699-702 SKILL.md:702-708 SKILL.md:708-718 SKILL.md:718-725 SKILL.md:725-728 SKILL.md:728-734 SKILL.md:734-737 SKILL.md:737-744 SKILL.md:744-747 SKILL.md:747-758 SKILL.md:758-770 SKILL.md:770-779 SKILL.md:779-782 SKILL.md:782-788 SKILL.md:788-791 SKILL.md:791-797 SKILL.md:797-800 SKILL.md:800-806 SKILL.md:806-818 SKILL.md:818-879 SKILL.md:879-882 SKILL.md:882-915 SKILL.md:915-918 SKILL.md:918-927 SKILL.md:927-939 SKILL.md:939-944 SKILL.md:944-947 SKILL.md:947-953 SKILL.md:953-956 SKILL.md:956-961 SKILL.md:961-964 SKILL.md:964-969 SKILL.md:969-972 SKILL.md:972-977 SKILL.md:977-980 SKILL.md:980-985 SKILL.md:985-988 SKILL.md:988-994 SKILL.md:994-1005 SKILL.md:1005-1008 SKILL.md:1008-1009 SKILL.md:1009-1015 SKILL.md:1015-1034 SKILL.md:1034-1040 SKILL.md:1040-1041 SKILL.md:1041-1042 SKILL.md:1042-1043 SKILL.md:243-245 SKILL.md:252 SKILL.md:253 SKILL.md:333 SKILL.md:335-338 SKILL.md:439-441 SKILL.md:833 SKILL.md:898-900 SKILL.md:229-256 SKILL.md:322-342 SKILL.md:430-448 SKILL.md:818-879 SKILL.md:882-915 SKILL.md:1016
🔑 环境变量 (2)
检测到的模式
Hardcoded URLHidden file accessWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionUnix shell invocationHidden file in home directoryGeneric API/secret keysWindows SAM database[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
审计版本 4
中风险Jan 17, 2026, 03:41 AM
AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.
2
已扫描文件
1,332
分析行数
4
发现项
claude
审计者
未发现安全问题
风险因素
📁 文件系统访问 (5)
⚙️ 外部命令 (138)
SKILL.md:37-43 SKILL.md:43-46 SKILL.md:46-56 SKILL.md:56-74 SKILL.md:74-78 SKILL.md:78-86 SKILL.md:86-92 SKILL.md:92-100 SKILL.md:100-104 SKILL.md:104-112 SKILL.md:112-116 SKILL.md:116-124 SKILL.md:124-128 SKILL.md:128-136 SKILL.md:136-142 SKILL.md:142-150 SKILL.md:150-154 SKILL.md:154-162 SKILL.md:162-168 SKILL.md:168-178 SKILL.md:178-201 SKILL.md:201-204 SKILL.md:204-226 SKILL.md:226-229 SKILL.md:229-256 SKILL.md:256-259 SKILL.md:259-275 SKILL.md:275-278 SKILL.md:278-301 SKILL.md:301-304 SKILL.md:304-319 SKILL.md:319-322 SKILL.md:322-342 SKILL.md:342-345 SKILL.md:345-363 SKILL.md:363-373 SKILL.md:373-380 SKILL.md:380-383 SKILL.md:383-389 SKILL.md:389-392 SKILL.md:392-398 SKILL.md:398-401 SKILL.md:401-407 SKILL.md:407-419 SKILL.md:419-427 SKILL.md:427-430 SKILL.md:430-448 SKILL.md:448-451 SKILL.md:451-457 SKILL.md:457-467 SKILL.md:467-473 SKILL.md:473-476 SKILL.md:476-482 SKILL.md:482-485 SKILL.md:485-491 SKILL.md:491-501 SKILL.md:501-526 SKILL.md:526-538 SKILL.md:538-557 SKILL.md:557-560 SKILL.md:560-575 SKILL.md:575-585 SKILL.md:585-598 SKILL.md:598-610 SKILL.md:610-627 SKILL.md:627-630 SKILL.md:630-636 SKILL.md:636-639 SKILL.md:639-646 SKILL.md:646-649 SKILL.md:649-661 SKILL.md:661-671 SKILL.md:671-678 SKILL.md:678-681 SKILL.md:681-691 SKILL.md:691-694 SKILL.md:694-699 SKILL.md:699-702 SKILL.md:702-708 SKILL.md:708-718 SKILL.md:718-725 SKILL.md:725-728 SKILL.md:728-734 SKILL.md:734-737 SKILL.md:737-744 SKILL.md:744-747 SKILL.md:747-758 SKILL.md:758-770 SKILL.md:770-779 SKILL.md:779-782 SKILL.md:782-788 SKILL.md:788-791 SKILL.md:791-797 SKILL.md:797-800 SKILL.md:800-806 SKILL.md:806-818 SKILL.md:818-879 SKILL.md:879-882 SKILL.md:882-915 SKILL.md:915-918 SKILL.md:918-927 SKILL.md:927-939 SKILL.md:939-944 SKILL.md:944-947 SKILL.md:947-953 SKILL.md:953-956 SKILL.md:956-961 SKILL.md:961-964 SKILL.md:964-969 SKILL.md:969-972 SKILL.md:972-977 SKILL.md:977-980 SKILL.md:980-985 SKILL.md:985-988 SKILL.md:988-994 SKILL.md:994-1005 SKILL.md:1005-1008 SKILL.md:1008-1009 SKILL.md:1009-1015 SKILL.md:1015-1034 SKILL.md:1034-1040 SKILL.md:1040-1041 SKILL.md:1041-1042 SKILL.md:1042-1043 SKILL.md:243-245 SKILL.md:252 SKILL.md:253 SKILL.md:333 SKILL.md:335-338 SKILL.md:439-441 SKILL.md:833 SKILL.md:898-900 SKILL.md:229-256 SKILL.md:322-342 SKILL.md:430-448 SKILL.md:818-879 SKILL.md:882-915 SKILL.md:1016
🔑 环境变量 (2)
检测到的模式
Hardcoded URLHidden file accessWeak cryptographic algorithmSystem reconnaissanceRuby/shell backtick executionShell command substitutionTemplate literal with command substitutionUnix shell invocationHidden file in home directoryGeneric API/secret keysWindows SAM database[HEURISTIC] DANGEROUS COMBINATION: Code execution + Network + Credential access[HEURISTIC] SUSPICIOUS COMBINATION: Filesystem + Credentials + Network
审计版本 3
中风险Jan 10, 2026, 01:32 PM
This skill provides legitimate GitHub workflow automation capabilities but requires elevated permissions for repository management, workflow execution, and multi-agent coordination. While the functionality appears genuine, users should be aware of the broad access requirements.
1
已扫描文件
1,066
分析行数
6
发现项
claude
审计者
中风险问题 (2)
Broad GitHub CLI permissions required
The skill requires GitHub CLI with authenticated access, enabling repository manipulation, issue creation, PR management, and deployment actions. This could be misused if the skill is compromised.
External package dependencies with network access
Skill requires installation of external packages (claude-flow@alpha, ruv-swarm) that have network capabilities and could potentially access sensitive repository data.
低风险问题 (1)
Workflow templates include shell script execution
Generated GitHub Actions workflows execute shell commands that could be modified if input validation is insufficient, though this is standard for CI/CD systems.
风险因素
🌐 网络访问 (2)
⚙️ 外部命令 (2)
🔑 环境变量 (2)
审计版本 2
中风险Jan 10, 2026, 01:32 PM
This skill provides legitimate GitHub workflow automation capabilities but requires elevated permissions for repository management, workflow execution, and multi-agent coordination. While the functionality appears genuine, users should be aware of the broad access requirements.
1
已扫描文件
1,066
分析行数
6
发现项
claude
审计者
中风险问题 (2)
Broad GitHub CLI permissions required
The skill requires GitHub CLI with authenticated access, enabling repository manipulation, issue creation, PR management, and deployment actions. This could be misused if the skill is compromised.
External package dependencies with network access
Skill requires installation of external packages (claude-flow@alpha, ruv-swarm) that have network capabilities and could potentially access sensitive repository data.
低风险问题 (1)
Workflow templates include shell script execution
Generated GitHub Actions workflows execute shell commands that could be modified if input validation is insufficient, though this is standard for CI/CD systems.
风险因素
🌐 网络访问 (2)
⚙️ 外部命令 (2)
🔑 环境变量 (2)
审计版本 1
中风险Jan 10, 2026, 01:32 PM
This skill provides legitimate GitHub workflow automation capabilities but requires elevated permissions for repository management, workflow execution, and multi-agent coordination. While the functionality appears genuine, users should be aware of the broad access requirements.
1
已扫描文件
1,066
分析行数
6
发现项
claude
审计者
中风险问题 (2)
Broad GitHub CLI permissions required
The skill requires GitHub CLI with authenticated access, enabling repository manipulation, issue creation, PR management, and deployment actions. This could be misused if the skill is compromised.
External package dependencies with network access
Skill requires installation of external packages (claude-flow@alpha, ruv-swarm) that have network capabilities and could potentially access sensitive repository data.
低风险问题 (1)
Workflow templates include shell script execution
Generated GitHub Actions workflows execute shell commands that could be modified if input validation is insufficient, though this is standard for CI/CD systems.