Security Alert: “Hackerbot-Claw” Autonomous Campaign Exploits GitHub Actions

Christopher Robinson, Chief Technology Officer and Chief Security Architect at the Open Source Security Foundation (OpenSSF), has issued a warning regarding an active, automated attack campaign dubbed “hackerbot-claw”. The campaign systematically targets insecure GitHub Actions workflows in public repositories to execute arbitrary code and exfiltrate highly sensitive credentials.

The hackerbot-claw campaign is an ongoing, automated operation that has already compromised several high-profile open-source projects. Attackers are abusing common misconfigurations in CI/CD pipelines, particularly those that lack strict authorization or permit the execution of untrusted code.

As Robinson’s report highlights, “This is an active, automated attack not a theoretical vulnerability it’s ongoing across vulnerable open source repositories worldwide”. One documented instance involved the project-akri/akri repository, where a malicious pull request successfully injected a shell payload into a workflow script that lacked sufficient safeguards.

The campaign utilizes several sophisticated exploitation techniques designed to gain elevated repository privileges:

• “Pwn Request” / pull_request_target Abuse: Workflows that use privileged triggers to check out and execute code from untrusted forks with elevated access.
• Direct Script Injection: Attackers modify existing scripts in a pull request so that injected commands run with repository-level permissions.
• Branch and Filename Injection: Malicious commands are cleverly encoded into branch names or file paths, which are then evaluated during the workflow’s execution.

These methods frequently lead to the exfiltration of GITHUB_TOKEN credentials, unauthorized code pushes, and potentially broader supply chain compromises.

Robinson emphasizes that projects implementing the OpenSSF Open Source Project Security (OSPS) Baseline are significantly more resilient to these attacks. This framework enforces “least-privilege automation, protected CI/CD workflows, mandatory peer review for security-sensitive changes, and disciplined secrets management”.

To defend against hackerbot-claw, Robinson and the OpenSSF recommend the following hardening steps:

• Harden Workflow Triggers: Avoid pull_request_target where possible and never execute untrusted code in privileged workflows.
• Enforce Least Privilege: Restrict the GITHUB_TOKEN to the minimum necessary permissions (e.g., contents: read) and disable write permissions for fork-triggered workflows.
• Implement Authorization Checks: Ensure workflows only run on contributions from trusted collaborators.
• Protect Infrastructure Code: Require code reviews for all changes to .github/workflows/* and use CODEOWNERS for additional scrutiny.
• Pin Third-Party Actions: Use full commit SHAs (hashes) rather than tags for third-party actions to prevent tampering.

Robinson concludes with a powerful reminder for the community: “The ongoing GitHub Actions exploitation campaign demonstrates that attackers increasingly target weak repository settings rather than software bugs themselves”.