SkillAgentSearch skills...

Zizmor

Static analysis for GitHub Actions

GenerateConvertImprove

Install / Use

/learn @zizmorcore/Zizmor
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

🌈 zizmor

zizmor CI Crates.io Packaging status GitHub Sponsors Discord

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors

zizmor's development is supported by these amazing sponsors!

<!-- @@begin-sponsors@@ --> <table width="100%"> <caption>Logo-level sponsors</caption> <tbody> <tr> <td align="center" valign="top" width="15%"> <a href="https://grafana.com/"> <img src="https://avatars.githubusercontent.com/u/7195757?s=100&v=4" width="100px"> <br> Grafana Labs </a> </td> <td align="center" valign="top" width="15%"> <a href="https://trailofbits.com/"> <img src="https://avatars.githubusercontent.com/u/2314423?s=100&v=4" width="100px"> <br> Trail of Bits </a> </td> <td align="center" valign="top" width="15%"> <a href="https://www.shipfox.io"> <img src="https://avatars.githubusercontent.com/u/163036520?s=100&v=4" width="100px"> <br> Shipfox </a> </td> <td align="center" valign="top" width="15%"> <a href="https://kusari.dev"> <img src="https://avatars.githubusercontent.com/u/105390000?s=100&v=4" width="100px"> <br> Kusari </a> </td> </tr> </tbody> </table> <hr align="center"> <table width="100%"> <caption>Name-level sponsors</caption> <tbody> <tr> <td align="center" valign="top"> <a href="https://github.com/ariccio"> Alexander Riccio </a> </td> </tr> </tbody> </table> <!-- @@end-sponsors@@ -->

Want to see your name or logo above? Consider becoming a sponsor through one of the following:

Star History

<a href="https://star-history.com/#zizmorcore/zizmor&Date"> <picture> <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=zizmorcore/zizmor&type=Date&theme=dark" /> <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=zizmorcore/zizmor&type=Date" /> <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=zizmorcore/zizmor&type=Date" /> </picture> </a>

Related Skills

healthcheck

335.2k

Host security hardening and risk-tolerance configuration for OpenClaw deployments

node-connect

335.2k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

prose

335.2k

OpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.

frontend-design

82.5k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

zizmorcore

View profile

View on GitHub
GitHub Stars3.9k
CategoryDevelopment
Updated40m ago
Forks152
zizmorcore/zizmor

Languages

Rust

Security Score

100/100

Audited on Mar 25, 2026

No findings