Repository Security Posture

Name: Repository Security Posture
Author: superagent-ai

Audit a GitHub repository's security posture and produce a ranked, actionable hardening checklist.

triggers:repo security postureaudit my repoharden this GitHub repoactions securityprotect against a compromised maintainerrepository security audit

Repository Security Posture

Audit a repository's configuration and CI/CD against concrete attacker scenarios and produce a concise, actionable list of hardening todos. Output is grouped by category (publish & release integrity; branch & merge protection; sensitive-path ownership; CI/CD workflow hardening; account & access control; dependency & supply-chain review), ordered by severity, and tied to observed evidence. The report defaults to a markdown checklist but can also be emitted as structured JSON for automation.

What it does

Collects repo configuration and workflow files (collector recommended)
Runs checks against a canonical list of hardening controls
Emits maintainable, prioritized todos with exact remediation steps and confidence (observed or unverified)

When to use

Use this when you want a maintainer-facing audit: "audit my repo", "harden this GitHub repo", "actions security", or when pointing to a GitHub URL and asking what to fix.

Output format

Markdown checklist (default)
Optional JSON array of findings for CI/pipeline integration

Notes on scope

This inspects configuration and CI; it is not a code-level vulnerability scan or historical secrets scan. Some checks require an admin token to verify; those are reported under "Could not verify" with manual steps to confirm.

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: superagent-ai
Installs: 0

Related Skills

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

OpenTestAI

Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

Skill Issue — Skill Auditor

Scan and audit installed agent skills to produce a health report covering inventory, usage, dependency checks, version status, and actionable recommendations.

GRC & Compliance (ServiceNow)

Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.

Back to Skills

Repository Security Posture

from superagent-ai

Audit a GitHub repository's security posture and produce a ranked, actionable hardening checklist.

triggers:repo security postureaudit my repoharden this GitHub repoactions securityprotect against a compromised maintainerrepository security audit

Repository Security Posture

What it does

Collects repo configuration and workflow files (collector recommended)
Runs checks against a canonical list of hardening controls
Emits maintainable, prioritized todos with exact remediation steps and confidence (observed or unverified)

When to use

Use this when you want a maintainer-facing audit: "audit my repo", "harden this GitHub repo", "actions security", or when pointing to a GitHub URL and asking what to fix.

Output format

Markdown checklist (default)
Optional JSON array of findings for CI/pipeline integration

Notes on scope

Not yet audited

This skill has not been reviewed by our automated audit pipeline yet.

Information

Repository: superagent-ai
Installs: 0

Related Skills

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

OpenTestAI

Automated, high-confidence AI testing: bug detection, persona feedback, and prioritized test-case generation using many specialized tester profiles.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Minimal Run & Audit (repro reporting)

Execute a README-first smoke test and produce standardized reproducibility outputs (`repro_outputs/`) and PATCHES.md — trusted reporting for repo reproduction r

Skill Issue — Skill Auditor

Scan and audit installed agent skills to produce a health report covering inventory, usage, dependency checks, version status, and actionable recommendations.

GRC & Compliance (ServiceNow)

Guides Governance, Risk & Compliance (GRC) work in ServiceNow: policies, controls, risk records, audits and ES5 script examples for automating GRC workflows.

Repository Security Posture

Repository Security Posture

What it does

When to use

Output format

Notes on scope

Tags

Not yet audited

Information

Related Skills

Repository Security Posture

Repository Security Posture

What it does

When to use

Output format

Notes on scope

Tags

Not yet audited

Information

Related Skills