github-actions-security

Name: github-actions-security
Rating: 5 (8 reviews)
Author: GoldenWing-360

Harden GitHub Actions workflows against the well-known footguns. Covers SHA-pinned third-party actions, scoped GITHUB_TOKEN permissions, OIDC in place of long-lived cloud credentials, the pull_request_target trap, untrusted-input interpolation, and protected deploy environments. Invoke when adding a new workflow, introducing a third-party action, or migrating from long-lived secrets to OIDC.

8stars

Updated last month

View on GitHub ↗License: MIT

How to add

/plugin marketplace add GoldenWing-360/claude-security-skills

The exact command may vary by repository. Check the README on GitHub.

For the skill author

Drop this on your repo README

Shows your skill is listed on Skillteca, generates a backlink and trackable traffic.

[![Listada na Skillteca](https://www.skillteca.com.br/api/badge/github-actions-security/svg)](https://www.skillteca.com.br/skills/github-actions-security?utm_source=badge&utm_medium=readme&utm_campaign=badge)

#github #git #ai #api #word

Related skills

See all in Desenvolvimento →

claude-api

143.8k

Build, debug, and optimize Claude API / Anthropic SDK apps. Apps built with this skill should include prompt caching. Also handles migrating existing Claude API code between Claude model versions (4.5 → 4.6, 4.6 → 4.7, retired-model replacements). TRIGGER when: code imports `anthropic`/`@anthropic-ai/sdk`; user asks for the Claude API, Anthropic SDK, or Managed Agents; user adds/modifies/tunes a C

Desenvolvimento#ai#apiby anthropics

skill-creator

143.8k

Create new skills, modify and improve existing ones, and measure their performance. Use this skill for developing, editing, optimizing, testing, and benchmarking skills, as well as refining their descriptions for better triggering.

Desenvolvimento#testby anthropics

oh-my-issues

79.7k

This skill clusters GitHub issue backlogs by root cause into plan-master issues, redirects related children, and bundles architectural-fix PRs to close clusters atomically. It's ideal for triaging and consolidating numerous issues sharing underlying defects, or for building a plan series or roadmap.

Desenvolvimento#github#gitby thedotmack

claude-mem

79.7k

Captures agent actions across sessions, compresses them with AI, and injects relevant context into future interactions. Compatible with Claude Code, OpenClaw, Codex, Gemini, Hermes, Copilot, OpenCode, and more.

Desenvolvimento#aiby thedotmack

Category alert

Get new Desenvolvimento skills every Monday

One short email with only the new Desenvolvimento skills. 4 minutes of reading, no spam, unsubscribe with one click.

You confirm your email on the first send. No spam. Unsubscribe with one click.

GitHub Actions Security

GitHub Actions runs code with access to your secrets, your code, and increasingly your cloud accounts. Most teams ship workflows with the defaults, which are convenient but expose more than necessary. This skill is the working baseline for production-grade Actions usage.

When to invoke

Adding a new workflow
Introducing a third-party action (uses: someone/some-action@v1)
A workflow leaked a secret (cleanup + prevention)
Migrating from long-lived cloud cre

[Description truncada. Veja o README completo no GitHub.]

ShareX LinkedIn

Comments · No comments

No comments yet. Be the first.