maxtac-supply-chain-cicd-release-takeover

Community

Analyze CI/CD release takeover for supply chain security

Authorphilo-groves
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill identifies potential security vulnerabilities in CI/CD workflows, particularly focusing on advanced CI/CD, workflow, runner, cache, OIDC, release, publishing, signing, artifact promotion, or deployment takeover analysis.

Core Features & Use Cases

  • CI/CD Workflow Analysis: Trace whether untrusted CI input can reach trusted release, signing, publishing, or deployment authority.
  • High-Risk Pattern Identification: Detect patterns such as mutable action refs, compromised third-party actions, and OIDC federation issues.
  • Exploit Sequence Analysis: Understand the sequence of events leading to a potential release takeover.
  • Controls and Counterevidence: Evaluate branch protection, environment approvals, and artifact verification.

Quick Start

Use the maxtac-supply-chain-cicd-release-takeover skill to analyze the CI/CD release workflow for potential security vulnerabilities.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: maxtac-supply-chain-cicd-release-takeover
Download link: https://github.com/philo-groves/MaxTAC/archive/main.zip#maxtac-supply-chain-cicd-release-takeover

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.