Seldaek

Agent skill to harden GitHub Actions by adding zizmor to your CI and fix existing workflow errors

10 stars
0
89% credibility
Found May 31, 2026 at 10 stars by GitGems.
AI Analysis
AI Summary

A security skill for an AI coding assistant that automatically scans GitHub Actions workflows for vulnerabilities and creates pull requests with fixes for every security issue found.

How It Works

1
📁 You have a project with automated workflows

You have a project that runs automated tasks through GitHub, like testing code or deploying changes.

2
🔒 You want to secure your workflows

You want to make sure your workflows follow security best practices and don't have any vulnerabilities.

3
🛠️ You install the security skill

You add the security skill to your AI coding assistant by placing it in the skills folder.

4
You ask your AI to secure your workflows

You simply ask your AI assistant to add security scanning to your project.

5
🔍 Your AI finds and fixes every security issue

Your AI runs zizmor in its most sensitive (pedantic) mode and fixes every finding it reports: pinning actions to commit SHAs, tightening permissions, disabling persisted checkout credentials and removing template-injection vulnerabilities.

6
📬 You receive a pull request with all fixes

Your AI creates a pull request containing all the security improvements, ready for you to review.

🎉 Your workflows are secure and protected

Every workflow in your project now passes zizmor with zero findings and follows best practices, and the pinned action SHAs are kept up to date automatically by dependabot.

AI-Generated Review

What is zizmorify?

A Claude Code skill that hardens GitHub Actions by adding the zizmor security scanner and automatically fixing every finding it surfaces. You invoke it with `/add-zizmor` and it runs zizmor in pedantic mode (maximum sensitivity), generates a workflow that runs zizmor in CI, pins actions to commit SHAs, tightens permissions, removes template-injection vulnerabilities (untrusted `${{ }}` expressions expanded directly inside `run:` scripts), and opens a PR with all fixes applied. It iterates until zizmor reports zero findings, handling everything from `persist-credentials: false` on checkout steps to concurrency settings.
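The checks the skill drives, shown as an added example rather than zizmor's or zizmorify's own code: a line-based approximation of four zizmor audits (unpinned-uses, template-injection, excessive-permissions, artipacked) run over a constructed weak workflow and the hardened form the page describes (SHA pins, a `permissions` block, `persist-credentials: false`, the PR title passed through `env` instead of interpolated into `run:`, and a concurrency group). The workflow text, the placeholder 40-hex commit SHAs and the function names are assumptions for illustration; real zizmor parses the YAML properly and ships many more audits.

```python
"""Line-based approximation of four zizmor audits (unpinned-uses, template-injection,
excessive-permissions, artipacked) over a constructed weak workflow and its hardened
form. Added example, not zizmor's or zizmorify's own code; real zizmor parses the YAML."""
import re
from dataclasses import dataclass

# Constructed 'before' workflow carrying the classic findings.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "PR title is ${{ github.event.pull_request.title }}"
      - uses: actions/setup-node@v4
"""

# Constructed 'after' workflow with the fixes the page describes. The 40-hex SHAs are
# placeholders, not the real commits behind those tags; dependabot keeps real pins fresh.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions: {}
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder)
        with:
          persist-credentials: false
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title is $PR_TITLE"
      - uses: actions/setup-node@89abcdef0123456789abcdef0123456789abcdef # v4 (placeholder)
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.*)$")
EXPR_RE = re.compile(r"\$\{\{.*?\}\}")


@dataclass(frozen=True)
class Finding:
    audit: str   # zizmor audit name this check approximates
    line: int    # 1-based line in the workflow text (1 for workflow-level findings)
    detail: str


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def _nested(lines, i, col, allow_sibling_keys=False):
    """Lines after index i that belong to the block under the key at column `col`:
    deeper-indented lines, plus (for a step) sibling keys at the same column."""
    body = []
    for nxt in lines[i + 1:]:
        s = nxt.strip()
        ind = _indent(nxt)
        if s and (ind < col or (ind == col and (not allow_sibling_keys or s.startswith("-")))):
            break
        body.append(nxt)
    return body


def audit_workflow(text: str) -> list[Finding]:
    lines = text.splitlines()
    findings = []
    # excessive-permissions: without a workflow-level permissions block, jobs run with the
    # repository's default GITHUB_TOKEN scopes unless each job sets its own (simplified:
    # a `permissions: write-all` block would still pass this check).
    if not any(l.startswith("permissions:") for l in lines):
        findings.append(Finding("excessive-permissions", 1, "no top-level permissions block"))
    for i, line in enumerate(lines):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            action, _, rev = ref.partition("@")
            # local (./path) and docker:// actions cannot be SHA-pinned this way
            if not action.startswith(("./", "docker://")) and not SHA_RE.match(rev):
                findings.append(Finding("unpinned-uses", i + 1, f"{ref} is not pinned to a commit SHA"))
            if action == "actions/checkout":
                # artipacked: checkout writes the token into .git/config unless told not to
                step = _nested(lines, i, line.index("uses:"), allow_sibling_keys=True)
                if not any(re.search(r"persist-credentials:\s*false", s) for s in step):
                    findings.append(Finding("artipacked", i + 1, "checkout keeps persist-credentials (default true)"))
            continue
        m = RUN_RE.match(line)
        if m:
            body = [m.group(1)] + _nested(lines, i, line.index("run:"))
            if any(EXPR_RE.search(s) for s in body):
                findings.append(Finding("template-injection", i + 1,
                                        "${{ }} expanded inside run:; pass it via env instead"))
    return findings


def audit_names(text: str) -> list[str]:
    """Sorted audit names, handy for comparing before and after."""
    return sorted(f.audit for f in audit_workflow(text))


if __name__ == "__main__":
    for label, wf in (("before", VULNERABLE_WORKFLOW), ("after", HARDENED_WORKFLOW)):
        fs = audit_workflow(wf)
        print(f"{label}: {len(fs)} finding(s)")
        for f in fs:
            print(f"  line {f.line}: {f.audit}: {f.detail}")
```

Running it reports five findings for the 'before' workflow (two unpinned actions, the unrestricted token, the persisted checkout credentials and the interpolated PR title) and none for the 'after' form. The template-injection fix is the one worth internalising: the hardened step still reads the attacker-controlled title, but the shell sees `$PR_TITLE` as data rather than having the title spliced into the script before it runs.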

Why is it gaining traction?

The hook is the "fix everything" approach: it doesn't just report problems, it opens a PR with real fixes. Developers are burned out on security scanners that point and wag their finger; this one does the work. It adapts to your environment: it runs zizmor locally if installed, falls back to triggering workflow runs via the gh CLI, or prepares a branch you can push manually. The dependabot integration keeps the pinned SHAs updated automatically, so you don't have to.

Who should use this?

DevOps engineers and security-focused developers maintaining GitHub Actions workflows. If you have a repo with multiple workflows and no bandwidth to audit them by hand, this automates the hardening. It also suits teams that want a consistent security baseline across repos without manual effort, and maintainers of small projects who want enterprise-grade hardening without deep Actions expertise.

Verdict

With 10 stars and an 89% credibility score, this is early-stage, but the approach is sound. The no-suppression philosophy means it fixes real issues rather than silencing them. Try it on a non-critical repo if you use Claude Code and want to lock down your Actions security without the manual work.
