maxtac-supply-chain-cicd-release-takeover
CommunityAnalyze CI/CD release takeover for supply chain security
Authorphilo-groves
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill identifies potential security vulnerabilities in CI/CD workflows, particularly focusing on advanced CI/CD, workflow, runner, cache, OIDC, release, publishing, signing, artifact promotion, or deployment takeover analysis.
Core Features & Use Cases
- CI/CD Workflow Analysis: Trace whether untrusted CI input can reach trusted release, signing, publishing, or deployment authority.
- High-Risk Pattern Identification: Detect patterns such as mutable action refs, compromised third-party actions, and OIDC federation issues.
- Exploit Sequence Analysis: Understand the sequence of events leading to a potential release takeover.
- Controls and Counterevidence: Evaluate branch protection, environment approvals, and artifact verification.
Quick Start
Use the maxtac-supply-chain-cicd-release-takeover skill to analyze the CI/CD release workflow for potential security vulnerabilities.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: maxtac-supply-chain-cicd-release-takeover Download link: https://github.com/philo-groves/MaxTAC/archive/main.zip#maxtac-supply-chain-cicd-release-takeover Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.