Check local GitHub Actions and CI configs for pinning and token permission risks.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.eliottreich/taskbounty-check" MCP server from askskill: Run: claude mcp add 'io-github-eliottreich-taskbounty-check' -- npx -y taskbounty-check
Check the GitHub Actions workflows in this repository. Focus on whether actions are pinned to safe versions and whether GITHUB_TOKEN permissions are overly broad. List the items that need fixing. This is not a full security audit.
A report listing issues, affected files, and remediation suggestions for action pinning and token permissions.
Before merging this branch, inspect new or changed GitHub Actions files. Find unpinned actions and unnecessary write permissions, then rank them by severity.
A prioritized list of issues so the team can quickly fix CI configuration problems before merging.
Scan the repository’s Actions and CI configuration and produce concise maintenance recommendations. Explain which actions should be pinned to commit SHAs, which token permissions should be reduced, and why.
A concise maintenance summary for the development team to standardize and improve workflow configurations.
Audit GitHub Actions workflows for permission, secret, pinning, and injection risks.
Debug failing GitHub Actions PR checks, analyze logs, propose fixes, then implement with approval.
Analyze dependency graphs to predict breaking changes and enforce provenance safeguards.
Scan code and text for leaked secrets and exposed API credentials.
Scan Python projects and GitHub repos for vulnerabilities, secrets, and AI risk insights.
Scan CI systems for security risks using live compromised-component threat intelligence.