github-action-plugins
OfficialEnsure secure, compliant GitHub Action plugins.
Software Engineering#security#compliance#github-actions#code-review#workflow-review#sha-verification
AuthorNosto
Version1.0.0
Installs0
System Documentation
What problem does it solve?
GitHub Action plugins often introduce security risks and compliance gaps when updated. This skill provides a structured review checklist to ensure Action SHAs are pinned, vulnerability scanning is performed, and policy adherence is verified.
Core Features & Use Cases
- Ensure Action SHAs are pinned to specific commits to prevent unexpected updates.
- Validate that vulnerability scans are completed for new or updated Actions, with pending status noted when unavailable.
- Cross-reference results to ensure no critical vulnerabilities exist before merging workflow changes.
- Use case: When reviewing a PR that updates a GitHub Action, run this checklist to ensure safe integration.
Quick Start
Run the checklist to review the latest GitHub Action plugin changes.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: github-action-plugins Download link: https://github.com/Nosto/web-components/archive/main.zip#github-action-plugins Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.