Skill details (site mirror, no comments)
Author: Daniel Lummis @daniellummis
License: MIT-0
MIT-0 · Free to use, modify and redistribute. No attribution required.
Version: v1.0.0
Stats: ⭐ 0 · 158 · 0 current installs · 0 all-time installs
🛡 Security scan (ClawHub): VirusTotal: benign · OpenClaw: benign
Package: daniellummis/github-actions-self-hosted-risk-audit
OpenClaw assessment
This skill is internally consistent: it scans local GitHub Actions workflow YAML files for self-hosted-runner risks, requires only bash/python3, does not ask for credentials or perform network access, and its inputs match its stated purpose.
Purpose
The name/description match the implementation. The script scans workflow YAML files for self-hosted runner patterns and flags trigger/permission/checkout issues. Required binaries (bash, python3) are appropriate and no unrelated credentials or services are requested.
Instruction scope
Runtime instructions and the included script operate on local files matched by WORKFLOW_GLOB (default .github/workflows/*.y*ml) and only read those files, apply regex checks, and emit reports. There are no instructions to read unrelated system config, exfiltrate data, or call external endpoints. Note: the tool uses regex-based parsing rather than a YAML parser, so it may be brittle and produce false positives/negatives, but that is a functiona…
Install mechanism
No install spec or external downloads — this is instruction-only plus an included shell script. Nothing is pulled from external URLs or written to system locations by an installer.
Credentials
No required environment variables or credentials. Optional env vars control which files to scan and thresholds; they are configuration-only and proportional to the skill's purpose.
Persistence
The skill does not request persistent/global privileges (always:false), does not modify other skills or system-wide configs, and does not store credentials. It runs on demand and can be invoked by the user.
Overall conclusion
This skill appears safe to run locally: it only reads workflow YAML files and reports risky patterns, and it does not require API tokens or network access. Before installing/running, review or run the included script on a non-sensitive copy of your repo if you have concerns; note that the tool uses regex-based checks (not a full YAML AST), so expect occasional false positives/negatives. Also be cautious if you override WORKFLOW_GLOB to scan ar…
Install (copy to the Lobster AI)
Copy the whole block below into the 龙虾中文库 (Lobster Chinese Library) chat; the Lobster agent completes the installation according to SKILL.md.
Hand this paragraph to 龙虾中文库 (Lobster AI) to execute: install the OpenClaw skill "GitHub Actions Self-Hosted Risk Audit" on this machine. Summary: Audit GitHub Actions workflows that use self-hosted runners for untrusted trigg…
Fetch the following URL, read SKILL.md, and complete the installation as that document describes: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/daniellummis/github-actions-self-hosted-risk-audit/SKILL.md
(Source: yingzhi8.cn skill library)
SKILL.md
---
name: github-actions-self-hosted-risk-audit
description: Audit GitHub Actions workflows that use self-hosted runners for untrusted trigger and credential-hardening risks.
version: 1.0.0
metadata: {"openclaw":{"requires":{"bins":["bash","python3"]}}}
---
# GitHub Actions Self-Hosted Risk Audit
Use this skill to flag risky workflow patterns when jobs run on self-hosted GitHub Actions runners.
## What this skill does
- Scans workflow YAML files (`.github/workflows/*.y*ml` by default)
- Detects workflows that reference `self-hosted` runners
- Flags high-risk trigger combinations (`pull_request_target`, `pull_request`, `issue_comment`)
- Flags broad/self-hosted-only runner selection (no extra routing labels)
- Flags workflows with write-capable permissions in self-hosted contexts
- Flags `actions/checkout` steps that do not set `persist-credentials: false`
- Supports text/json output and CI fail gate
## Inputs
Optional:
- `WORKFLOW_GLOB` (default: `.github/workflows/*.y*ml`)
- `TOP_N` (default: `20`)
- `OUTPUT_FORMAT` (`text` or `json`, default: `text`)
- `WARN_SCORE` (default: `4`)
- `CRITICAL_SCORE` (default: `8`)
- `WORKFLOW_FILE_MATCH` / `WORKFLOW_FILE_EXCLUDE` (regex, optional)
- `FAIL_ON_CRITICAL` (`0` or `1`, default: `0`)
## Run
Text report:
```bash
# Export the settings so the child bash process inherits them
export WORKFLOW_GLOB='.github/workflows/*.yml'
export WARN_SCORE=4
export CRITICAL_SCORE=8
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh
```
JSON output + fail gate:
```bash
export WORKFLOW_GLOB='.github/workflows/*.y*ml'
export OUTPUT_FORMAT=json
export FAIL_ON_CRITICAL=1
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh
```
Run against bundled fixtures:
```bash
export WORKFLOW_GLOB='skills/github-actions-self-hosted-risk-audit/fixtures/*.y*ml'
bash skills/github-actions-self-hosted-risk-audit/scripts/self-hosted-risk-audit.sh
```
## Output contract
- Exit `0` in reporting mode (default)
- Exit `1` when `FAIL_ON_CRITICAL=1` and one or more workflows are critical
- Text mode prints summary + top flagged workflows
- JSON mode prints summary + flagged workflows + critical workflows