nice, gonna run that on the repo tonight. the manual sha pinning approach was always going to be the kind of thing i'd forget after the next dependabot bump
just went through all my github actions and pinned them to commit SHAs after reading this. same problem — if someone pushes to @main your CI blindly runs it.
auto-update anything is basically handing someone a key to your house and hoping they stay nice forever
Smart approach to the header problem. I hit something similar building a Netflix episode resolver — the data is all there in the HTML but you need the right headers or you get nothing.
Ended up just wrapping curl with the right User-Agent and it worked without needing a full browser.
The auto-learned Referer per upstream host is a nice touch. How often do the upstream sources change their header requirements on you?
I ship Claude Code skills and hooks, so I've hit this from the other side — there's no way for users to verify what my hooks do without reading the source. The permission model is basically "install and hope."
Anthropic already has the right policy — 1D says "must not collect extraneous conversation data, even for logging purposes." But there's no enforcement at the architecture level. An empty matcher string still gives a hook access to every prompt on every project. The rules exist on paper but not in code.
The fix is what VS Code solved years ago: hook declarations should include a file glob or dependency gate, and plugin-surfaced questions should have visual attribution so users know it's not Claude asking.