Skip to content

Allow all external users to trigger Claude on PRs#68

Open
guzus wants to merge 1 commit intomainfrom
feat/allow-all-external-users
Open

Allow all external users to trigger Claude on PRs#68
guzus wants to merge 1 commit intomainfrom
feat/allow-all-external-users

Conversation

@guzus
Copy link
Owner

@guzus guzus commented Jan 19, 2026

Add allowed_non_write_users: "*" to enable any user to trigger Claude via pull_request_target, not just repository collaborators.

Security is maintained by the security-check job which blocks external users from modifying workflow files.

@guzus @claude
Allow all external users to trigger Claude on PRs
44ea8d4 
Add allowed_non_write_users: "*" to enable any user to trigger Claude
via pull_request_target, not just repository collaborators.

Security is maintained by the security-check job which blocks external
users from modifying workflow files.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
Copy link

claude bot commented Jan 19, 2026

Pull Request Review

Summary

This PR adds allowed_non_write_users: "*" to the Claude Code workflow to enable any user to trigger Claude via pull_request_target events.

Code Quality & Best Practices ✅

  • The change is minimal and focused (1 line addition)
  • Properly placed in the claude-default job which already has security checks
  • Consistent with the workflow's existing structure

Security Analysis ⚠️

Strengths:

  1. The security-check job blocks external contributors from modifying workflow files (.github/workflows/)
  2. The claude-default job has a dependency on security-check and only runs when is_safe == 'true'
  3. Uses pull_request_target which runs in the context of the base repository, not the fork

Concerns:

  1. Broad Access: The wildcard "*" allows ANY user on GitHub to trigger Claude on PRs. This could lead to:

    • Resource exhaustion (GitHub Actions minutes abuse)
    • Potential for malicious actors to trigger Claude with crafted inputs
    • API token usage against your Claude Code OAuth token

  2. Limited Scope: The security check only prevents workflow file modifications, but doesn't prevent:

    • Malicious code in other files that Claude might execute or analyze
    • Social engineering attacks through PR descriptions/comments
    • Abuse of the Claude API quota

  3. Missing Rate Limiting: No apparent rate limiting or approval mechanism for external users

Recommendations

Option 1: More Restrictive Allowlist (Recommended)

allowed_non_write_users: "user1,user2,trusted-org/*"

Only allow specific trusted external contributors.

Option 2: Add Additional Safeguards
If you must use "*", consider:

  • Monitoring GitHub Actions usage closely
  • Setting up alerts for unusual activity
  • Implementing a manual approval step for first-time contributors
  • Adding rate limiting at the repository level

Option 3: Require Issue Creation First
Keep the current restriction and require external users to create issues with @claude mentions instead, which gives you more control.

Performance Considerations ✅

No performance impact on the codebase itself.

Test Coverage

Not applicable for workflow configuration changes.

Verdict

⚠️ Approve with caution - The change is technically correct and the security-check provides some protection, but the wildcard access is risky. Consider starting with a more restricted allowlist and expanding as needed based on actual usage patterns.

Questions

  1. What's the use case driving this change? Are there specific external contributors you want to enable?
  2. Have you considered the potential cost implications of unlimited Claude API usage?
  3. Is there monitoring in place for GitHub Actions abuse?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guzus