GitHub Actions token abuse: are your CI controls keeping up?

TL;DR: HackerBot-Claw systematically scans public GitHub repositories for misconfigured Actions workflows, then uses elevated pull_request_target execution to steal privileged tokens and take repository actions, according to Orca Security. The pattern shows that CI/CD automation can turn trust boundaries into control-plane abuse paths when token scope and untrusted code execution are not tightly separated.

NHIMG editorial — based on content published by Orca Security: HackerBot-Claw and the abuse of misconfigured GitHub Actions workflows

By the numbers:

• In 2025, a supply chain attack against the tj-actions/changed-files action affected over 23,000 workflows.

Questions worth separating out

Q: What breaks when GitHub Actions workflows run untrusted pull requests with write access?

A: The workflow boundary breaks because attacker-controlled input can execute in a privileged context.

Q: Why do CI tokens behave like privileged non-human identities?

A: CI tokens can authenticate automated jobs, call APIs, and change repository state without human interaction.

Q: How do organisations know if GitHub Actions permissions are too broad?

A: A practical sign is when a workflow can read secrets, write to the repository, or publish releases while processing untrusted input.

Practitioner guidance

• Remove privileged execution from untrusted PR paths Keep pull_request_target workflows from running scripts or checks that can touch write-capable tokens.
• Scope every CI token to the minimum repository action Audit GITHUB_TOKEN permissions, stored PATs, and any reusable credentials in workflows.
• Treat CI credentials as privileged NHIs Inventory workflow secrets, map where they are exposed, and review them on the same cadence used for other non-human identities.

What's in the full article

Orca Security's full research covers the operational detail this post intentionally leaves for the source:

• Step-by-step examples of vulnerable GitHub Actions workflow patterns, including pull_request_target and privileged checkouts.
• Repository-specific impact details showing how tokens were used for release deletion, commit pushes, and repository takeover.
• Mitigation guidance that maps directly to workflow hardening, token scoping, and safer handling of untrusted pull requests.
• Examples of impacted projects and the exploitation patterns associated with each target.

👉 Read Orca Security's analysis of GitHub Actions token abuse and repository compromise →

GitHub Actions token abuse: are your CI controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →