Anatomy of a GitHub Actions Supply Chain Attack Targeting MCP Repos

via Dev.to, by Wes, 3h ago

On April 7th, someone submitted a pull request to my project Charlotte. 28 lines. One new file. A GitHub Actions workflow that "validates skill metadata in CI." The PR body quoted my own README back to me and offered to adjust the filename if I preferred something different. I said I'd review it tomorrow. Then I actually looked at it, and spent the next day tracing an operation that spans 250+ repositories, at least 64 sockpuppet accounts, and five distinct phases of escalating access -- all controlled by a single organization. This is what I found.

The PR

Charlotte is a browser automation MCP server. The PR came from an account called internet-dot and added .github/workflows/hol-skill-validate.yml:

name: HOL Skill Validate
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  workflow_dispatch:
permissions:
  contents: read
  id-token: write
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@34e114876b...
      - uses: hashgraph-onl
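The two details a reviewer should have caught in that workflow are visible without running anything: it asks for id-token: write although its stated job, validating metadata, needs nothing beyond read access to the checkout, and it pulls in a third-party action. The script below is an added example (not code from the article or from the Charlotte project) that scans a workflow file for exactly those signals and prints a triage list; it is a plain text scan so it needs no YAML library, and the action names and the commit SHA in the constructed samples are placeholders, not the values from the real PR.

```python
"""Triage a GitHub Actions workflow for permissions that exceed its stated
purpose and for action references that cannot be reviewed as-is.
Text-based scan (no PyYAML); added example, not the article's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-\s*uses:\s*([^\s#]+)")
PERM_RE = re.compile(r"^\s*([a-z-]+):\s*(read|write|none)\s*$")
TRIGGER_RE = re.compile(r"^\s*([a-z_]+):")
# Triggers that run with secrets while exposed to fork-controlled input.
RISKY_TRIGGERS = {"pull_request_target", "issue_comment", "workflow_run"}
ID_TOKEN_NOTE = ("id-token: write lets the job request OIDC tokens; every cloud role "
                 "whose trust policy accepts this repository is reachable from the run")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    message: str


def audit_workflow(text: str, expected_perms: Optional[Dict[str, str]] = None,
                   trusted_owners=("actions",)) -> List[Finding]:
    """expected_perms: the permissions the workflow's *stated* purpose needs,
    e.g. {"contents": "read"} for a metadata validator. Anything broader is flagged."""
    expected = expected_perms or {}
    triggers, perms, uses = set(), {}, []
    section = None  # top-level key currently being scanned
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line.startswith((" ", "\t")):  # top-level key
            key, _, rest = line.partition(":")
            section = key
            if key == "on":  # handles "on: push" and "on: [push, pull_request]"
                triggers.update(t.strip() for t in rest.strip("[] ").split(",") if t.strip())
            if key == "permissions" and "write-all" in rest:
                perms["*"] = "write"
            continue
        indent = len(line) - len(line.lstrip())
        if section == "on" and indent == 2:
            m = TRIGGER_RE.match(line)
            if m:
                triggers.add(m.group(1))
        elif section == "permissions":
            m = PERM_RE.match(line)
            if m:
                perms[m.group(1)] = m.group(2)
        m = USES_RE.match(line)
        if m:
            uses.append(m.group(1))

    findings = []
    for scope, level in sorted(perms.items()):
        if level == "write" and expected.get(scope) != "write":
            sev = "high" if scope in ("id-token", "contents", "*") else "medium"
            msg = f"permission {scope}: write exceeds what the stated purpose needs"
            if scope == "id-token":
                msg += f" ({ID_TOKEN_NOTE})"
            findings.append(Finding(sev, msg))
    risky = triggers & RISKY_TRIGGERS
    if risky and any(level == "write" for level in perms.values()):
        findings.append(Finding("high", f"write permissions combined with {sorted(risky)}: "
                                        "untrusted PR content can reach a privileged run"))
    for ref in uses:
        if ref.startswith(("./", "docker://")):
            continue  # local action or image: reviewed in-repo / by digest elsewhere
        name, _, version = ref.rpartition("@")
        owner = name.split("/", 1)[0]
        if owner not in trusted_owners:
            findings.append(Finding("info", f"{ref}: third-party action, read its source before merging"))
        if not SHA40.match(version):
            findings.append(Finding("medium", f"{ref}: not pinned to a full commit SHA, "
                                              "the tag or branch can be moved after review"))
    return findings


# Constructed sample modelled on the PR's workflow (placeholders, not the real values).
SAMPLE = """\
name: Skill Validate
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  workflow_dispatch:
permissions:
  contents: read
  id-token: write
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-third-party/skill-validate@v1
"""

# What a metadata validator actually needs: read-only checkout, pinned action, in-repo script.
HARDENED = """\
name: Skill Validate
on:
  pull_request:
    branches: [main]
permissions:
  contents: read
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: python scripts/validate_skill_metadata.py
"""

if __name__ == "__main__":
    for label, wf in (("as submitted", SAMPLE), ("hardened", HARDENED)):
        print(f"== {label} ==")
        for f in audit_workflow(wf, expected_perms={"contents": "read"}):
            print(f"[{f.severity}] {f.message}")
```

Run it against a PR's workflow file with the permissions the PR description claims to need; a "validate metadata" workflow that produces a high-severity id-token finding is the cue to stop and read the action's source rather than merge on trust. The id-token check deliberately ignores which trigger fired, because the token is minted on the post-merge push to main regardless of how the PR itself was run.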

Continue reading on Dev.to
