OpenSSF Siren warns of active exploitation of weak GitHub Actions workflow configurations

What happened

A forwarded OpenSSF Siren security advisory posted to the oss-security mailing list warns of an active, automated attack campaign tracked as "hackerbot-claw". The advisory states the campaign is scanning public repositories for insecure GitHub Actions workflows and exploiting common CI/CD misconfigurations to achieve arbitrary code execution and credential exfiltration.

The advisory describes targeting workflows that (a) use privileged triggers such as pull_request_target, (b) execute untrusted code from forked pull requests, (c) include inline shell scripts or unvalidated inputs in workflow steps, and/or (d) lack authorization checks before running workflows. It notes the resulting impact can include exfiltration of credentials (including GITHUB_TOKEN), unauthorized code pushes, and supply-chain compromise.

Who is impacted

• Maintainers and platform engineers operating repositories that use GitHub Actions—especially projects with workflows triggered by external contributors (fork PRs).
• Repositories whose workflows have overly broad workflow permissions (e.g., write access where read is sufficient) or that check out and execute untrusted code in privileged contexts.

What to do now

• Review all workflows for unsafe triggers and patterns; avoid pull_request_target where possible and prefer pull_request for unprivileged execution.
• Do not check out and execute untrusted forked code in privileged workflows.
• Apply least privilege to GITHUB_TOKEN and workflow permissions (e.g., default to contents: read where feasible).
• Pin third-party actions by commit SHA.
• Sanitize and validate any user-controlled input (branch names, PR titles, comments) before use, and avoid direct interpolation into shell commands.
• Add authorization checks (e.g., gate execution on trusted author_association).
• Monitor for suspicious workflow runs and rotate tokens/secrets that may have been exposed.

Additional Information

• The oss-security post is a forward of an OpenSSF Siren advisory titled "Active Exploitation of Weak GitHub Actions Configurations" and references an example involving the project-akri/akri repository.
• The post includes links to GitHub documentation on script-injection risks and additional hardening guidance referenced in the advisory.