I’m Christopher Lusk, a Principal Product Security Engineer at Red Hat.

Outside of work, I build open-source security tooling and conduct independent vulnerability research. When I find something worth sharing, I write about it here.

The views and research published here are my own and do not represent Red Hat.

Projects

  • WAINGRO — AI agent skill security scanner. Static analysis tool that detects malicious patterns in OpenClaw/Agent Skills format skill files. Used to audit 30,000+ skills on ClawHub.
  • Fluxgate — Static analyzer for GitHub Actions workflows. Detects the vulnerability class that enabled the Trivy supply chain compromise.
  • VibeShield — Security taxonomy and case study framework for CI/CD supply chain incidents.

Contact

Disclosure Policy

If I’ve contacted you about a vulnerability, see the Fluxgate disclosure protocol for timelines and process.