Claude Code Plugins

Community-maintained marketplace

Feedback

self-hosted-runner-hardening

@adaptive-enforcement-lab/claude-skills
0
0

>-

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name self-hosted-runner-hardening
description Comprehensive hardening steps for self-hosted GitHub Actions runners. OS-level security, network isolation, credential protection, and audit logging.

Self-Hosted Runner Hardening

When to Use This Skill

Hardening is not optional. Every layer of defense you skip is an attack vector you gift to adversaries. Deploy runners defensively or accept the breach.

The Default Is Insecure

A default runner installation has root access, unrestricted network, cloud metadata endpoints, persistent filesystem, and ambient credentials. One malicious workflow means full infrastructure compromise. Apply every hardening layer.

Implementation

See the full implementation guide in the source documentation.

Examples

See examples.md for code examples.

Full Reference

See reference.md for complete documentation.

References