diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml
new file mode 100644
index 0000000..3ac7ac8
--- /dev/null
+++ b/.github/workflows/validate.yaml
@@ -0,0 +1,17 @@
+name: Validate NFC Files
+
+on:
+  push:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  validation:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: validate
+        run: ./validation.sh
diff --git a/.gitignore b/.gitignore
index 4199fa3..1bc3b32 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 Extra
 *.ini
+.idea
\ No newline at end of file
diff --git a/validation.sh b/validation.sh
index 5bc6b2f..2e326be 100755
--- a/validation.sh
+++ b/validation.sh
@@ -1,48 +1,68 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
-shopt -s globstar
+ERR_FOUND=0
 
 REQUIRED_PATTERNS=(
-    "Filetype: Flipper NFC device"
-    "Version: 4"
-    "Device type: SLIX"
-    "UID:( [A-F0-9]{2}){8}"
-    "DSFID: 00"
-    "AFI: 00"
-    "IC Reference: 03"
-    "Lock DSFID: false"
-    "Lock AFI: false"
-    "Block Count: 8"
-    "Block Size: 04"
-    "Data Content:( [A-F0-9]{2}){32}"
-    "Security Status: 00 00 00 00 00 00 00 00"
-    "Capabilities: Default"
-    "Password Privacy: 7F FD 6E 5B"
-    "Password Destroy: 0F 0F 0F 0F"
-    "Password EAS: 00 00 00 00"
-    "Privacy Mode: false"
-    "Lock EAS: false"
+  "Filetype: Flipper NFC device"
+  "Version: 4"
+  "Device type: SLIX"
+  "UID:( [A-F0-9]{2}){8}"
+  "DSFID: 00"
+  "AFI: 00"
+  "IC Reference: 03"
+  "Lock DSFID: false"
+  "Lock AFI: false"
+  "Block Count: 8"
+  "Block Size: 04"
+  "Data Content:( [A-F0-9]{2}){32}"
+  "Security Status: 00 00 00 00 00 00 00 00"
+  "Capabilities: Default"
+  "Password Privacy: 7F FD 6E 5B"
+  "Password Destroy: 0F 0F 0F 0F"
+  "Password EAS: 00 00 00 00"
+  "Privacy Mode: false"
+  "Lock EAS: false"
 )
 
-for filename in **/*.nfc; do
+FORBIDDEN_PATTERNS=(
+  "Subtype: ([0-9]){2}"
+  # Add more forbidden patterns here
+)
 
-    for pattern in "${REQUIRED_PATTERNS[@]}"; do
-        if [ -z "$(grep -P "$pattern" "$filename")" ]; then
-            echo $filename
-            echo "    Missing: $pattern"
-        fi
-    done
+# Use process substitution so that ERR_FOUND is updated in the main shell.
+while read -r filename; do
+  content=$(cat "$filename")
 
-    # The likelihood of two blocks of 00 in data content is almost impossible,
-    # so use that as a check for when the full data is not read
-    if [ ! -z "$(grep -P "Data Content:( [A-F0-9]{2})* 00 00( [A-F0-9]{2})*" "$filename")" ]; then
-        echo $filename
-        echo "    Full data not read"
+  for pattern in "${REQUIRED_PATTERNS[@]}"; do
+    if ! echo "$content" | awk "/$pattern/ { found=1 } END { exit !found }"; then
+      echo "$filename"
+      echo "    Missing: $pattern"
+      ERR_FOUND=1
     fi
+  done
 
-    if [ ! -z "$(grep -P "\r" "$filename")" ]; then
-        echo $filename
-        echo "    Has carriage return characters"
+  # The likelihood of two blocks of 00 in data content is almost impossible,
+  # so use that as a check for when the full data is not read
+  if echo "$content" | awk '/Data Content:( [A-F0-9]{2})* 00 00( [A-F0-9]{2})*/ { found=1 } END { exit !found }'; then
+    echo "$filename"
+    echo "    Full data not read"
+    ERR_FOUND=1
+  fi
+
+  if echo "$content" | awk '/\r/ { found=1 } END { exit !found }'; then
+    echo "$filename"
+    echo "    Has carriage return characters"
+    ERR_FOUND=1
+  fi
+
+  for pattern in "${FORBIDDEN_PATTERNS[@]}"; do
+    if echo "$content" | awk "/$pattern/ { found=1 } END { exit !found }"; then
+      echo "$filename"
+      echo "    Forbidden pattern found: $pattern"
+      ERR_FOUND=1
     fi
+  done
 
-done
+done < <(find . -type f -name "*.nfc")
+
+exit $ERR_FOUND