gha-security-review
Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it.
Content Preview
--- name: gha-security-review description: "Find exploitable vulnerabilities in GitHub Actions workflows. Every finding MUST include a concrete exploitation scenario — if you can't build the attack, don't report it." risk: unknown source: community --- <!-- Attack patterns and real-world examples sourced from the HackerBot Claw campaign analysis by StepSecurity (2025): https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation --> # GitHub Actions Security Review Find exploit
How to Use
Recommended: Install to project (local)
mkdir -p .claude/skills
curl -o .claude/skills/gha-security-review.md \
https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/gha-security-review/SKILL.mdSkill is scoped to this project only. Add .claude/skills/ to your .gitignoreif you don't want to commit it.
Alternative: Clone full repo
git clone https://github.com/sickn33/antigravity-awesome-skillsThen reference at skills/gha-security-review/SKILL.md
Related Skills
007
Security audit, hardening, threat modeling (STRIDE/PASTA), Red/Blue Team, OWASP checks, code review, incident response, and infrastructure security for any project.
securitysecurityauditowasp
by sickn33 (Antigravity) · antigravity-awesome-skills
Performing Security Testing
This skill automates security vulnerability testing. It is triggered when the user requests security assessments, penetration tests, or vulnerability scans. The skill covers OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, authentication issues, and authorization flaws. Use this skill when th
skill-adapterperforming security testing
by jeremylongshore · plugins-plus-skills
Generating Security Audit Reports
This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit secu
skill-adaptergenerating security audit reports
by jeremylongshore · plugins-plus-skills
security-audit
Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.
securitysecurityaudit
by sickn33 (Antigravity) · antigravity-awesome-skills