GitHub Actions workflow security audit - 21 checks: pinning, permissions, secrets, injection.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
MCP server that audits files for supply-chain risks. Catches script injection, leaked tokens, unpinned actions, broad permissions, and foot-guns — the patterns behind several 2024–2025 supply-chain incidents. Built by Unbearable Labs. Pay-per-event — only billed when a tool is actually called.

Distribution:
Apify Actor Store — primary, metered usage (PPE)
MCPize — pending submission
MCP.so — pending submission
PulseMCP — pending submission
Smithery — pending submission
Glama — pending submission