act-runner
Enables local testing of GitHub Actions workflows using Docker, streamlining CI/CD processes and preventing broken deployments.
Install this skill
or
74/100
Security score
The act-runner skill was audited on Mar 1, 2026 and we found 10 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 232
Template literal with variable interpolation in command context
SourceSKILL.md
| 232 | ```bash |
medium line 149
Access to hidden dotfiles in home directory
SourceSKILL.md
| 149 | ### Config File (~/.actrc) |
low line 263
Access to hidden dotfiles in home directory
SourceSKILL.md
| 263 | sudo cp ~/.local/bin/act /usr/local/bin/act |
low line 50
Access to .env file
SourceSKILL.md
| 50 | # From .env file |
low line 51
Access to .env file
SourceSKILL.md
| 51 | act --secret-file .env |
low line 158
Access to .env file
SourceSKILL.md
| 158 | --secret-file .env |
low line 182
Access to .env file
SourceSKILL.md
| 182 | --secret-file .env.local |
low line 183
Access to .env file
SourceSKILL.md
| 183 | --env-file .env.act |
medium line 303
Access to .env file
SourceSKILL.md
| 303 | | **Secrets** | GitHub UI | .env file or inline | |
medium line 312
Access to .env file
SourceSKILL.md
| 312 | 4. **Secret safety** — Never commit `.env` files; use `.gitignore` |
Scanned on Mar 1, 2026
View Security DashboardInstall this skill with one command
/learn @faahim/act-runner