spectra-assure

Official

Detect package tampering, malware, and supply chain risks.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Standard supply chain scanning tools fail to detect tampering and malicious insertions in compiled artifacts that signature-based SCA tools miss, leaving teams vulnerable to compromised dependencies that pass traditional vulnerability checks.

Core Features & Use Cases

  • Tampering Detection: Diff behavioral changes between two versions of the same package to catch hidden malicious insertions that signature-based tools miss.
  • Comprehensive Scanning: Scan individual packages by PURL, manifest files (requirements.txt, package.json, etc.), and lockfiles for malware, vulnerabilities, and policy violations.
  • Compliance Support: Map findings to NIST SSDF, EO 14028, and OWASP Top 10 requirements for audit and attestation workflows.
  • Use Case: When a dependency releases an unexpected minor/patch update, use the skill to diff the old and new versions to identify new network endpoints, shell execution indicators, or filesystem writes that signal tampering.

Quick Start

Use the spectra-assure skill to scan your project's requirements.txt file for supply chain risks using the hardened profile and review any flagged packages for malware or tampering indicators.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: spectra-assure
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#spectra-assure

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.