Projects

Fluxgate

Static analyzer for GitHub Actions workflows. Detects pwn requests, script injection, and supply chain risks.

github-actions supply-chain go

VibeShield

Security taxonomy and case study framework for CI/CD supply chain incidents.

supply-chain taxonomy case-studies

WAINGRO

AI agent skill security scanner. Static analysis tool that detects malicious patterns in OpenClaw/Agent Skills format skill files.

supply-chain ai-security python