supply-chain-attack-recon

Official

Audit external software supply chains for risk.

Author: chatbotkit
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

External reconnaissance of a target's software supply chain, looking for the patterns attackers exploit: dependency confusion, package typosquats, GitHub Actions workflow injection, and exposed container registries. It also identifies SBOM leakage, internal-package-name leakage, and CI/CD exposure in targets that publish public artifacts.
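As an added illustration of the dependency-confusion and typosquat checks named above (this is not the skill's own code, which is not shown on this page), the script below triages a constructed npm `package.json` offline. The `PUBLIC_REGISTRY` snapshot, the `POPULAR` list and the `acme-` naming convention are assumptions standing in for registry lookups and for what reconnaissance on the target would reveal; a real run replaces them with live registry queries.

```python
"""Offline triage of an npm manifest for dependency-confusion and typosquat
candidates. Added example, not the skill's code. Everything below is
constructed so the script runs offline."""
import json
import re

# ASSUMPTION: stand-in for "what the public registry knows"; in practice each
# row comes from a registry lookup (name -> publishing account). Owners are
# constructed labels, not real account names.
PUBLIC_REGISTRY = {
    "lodash": "public-maintainer",
    "express": "public-maintainer",
    "axios": "public-maintainer",
    "acme-logger": "unknown-account",   # internal-looking name someone registered
}
# Constructed list of well-known names to compare against for typosquats.
POPULAR = ("lodash", "express", "axios", "react", "chalk", "debug", "moment")
# ASSUMPTION: the target org's internal naming convention (learned from leaked
# SBOMs, CI logs or lockfiles during recon).
INTERNAL_NAME = re.compile(r"^acme-|-internal$")


def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent
    transposition, since swapped letters are the most common typo."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def nearest_popular(name):
    """Return the popular package within one edit of `name`, or None."""
    for p in POPULAR:
        if p != name and edit_distance(name, p) <= 1:
            return p
    return None


def triage(package_json_text):
    """Map each risky dependency name to a list of (category, detail) notes."""
    manifest = json.loads(package_json_text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))
    findings = {}
    for name, spec in sorted(deps.items()):
        notes = []
        if name.startswith("@"):
            scope = name.split("/")[0]
            notes.append(("scope-check", f"scoped name; confusion needs control of "
                          f"{scope} on the public registry, confirm the org owns it"))
        elif INTERNAL_NAME.search(name):
            owner = PUBLIC_REGISTRY.get(name)
            if owner is None:
                notes.append(("dependency-confusion", "internal-looking name is unclaimed "
                              "publicly; anyone can register it, so the build must resolve "
                              "it only from the private registry"))
            else:
                notes.append(("dependency-confusion", f"internal-looking name exists publicly "
                              f"(owner {owner}); verify the org published it"))
            # Resolvers pick the highest matching version across registries, so
            # an open range is what lets a public upload win.
            if spec in ("*", "latest") or spec.startswith(("^", "~", ">")):
                notes.append(("loose-pin", f"range {spec} lets a higher public version win; "
                              "pin exactly and commit a lockfile"))
        near = nearest_popular(name)
        if near:
            notes.append(("typosquat", f"one edit away from {near}; check it was not "
                          "installed by mistake"))
        if notes:
            findings[name] = notes
    return findings


# Constructed manifest for the example.
PACKAGE_JSON = """{
  "name": "acme-web",
  "dependencies": {
    "lodash": "^4.17.21",
    "acme-auth-client": "1.2.0",
    "acme-logger": "^2.0.0",
    "@acme/ui-kit": "3.1.0",
    "expres": "4.18.2",
    "axios": "1.6.0"
  }
}"""

if __name__ == "__main__":
    for name, notes in triage(PACKAGE_JSON).items():
        for category, detail in notes:
            print(f"{name}: [{category}] {detail}")
```

On the constructed manifest the two `acme-` names are reported for dependency confusion (one unclaimed, one already registered by an unknown account), `expres` is flagged as one edit from `express`, and the scoped package gets only a scope-ownership reminder.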

Core Features & Use Cases

  • Dependency-confusion detection across npm, PyPI and Go module registries: internal-looking package names that are unclaimed, or claimed by an unknown party, on the public registry.
  • Typosquat candidate discovery: package names one edit away from popular packages, mapped to where they are pulled in (manifests, lockfiles, CI steps).
  • GitHub Actions workflow review for script-injection points (untrusted event data interpolated into `run:` steps), risky triggers such as `pull_request_target`, and secret exposure.
  • SBOM mining to enumerate transitive dependencies and match them against known CVEs.
  • Registry exposure discovery in Docker/OCI registries and artifact feeds (anonymous access, listable catalogs).
  • CI/CD configuration exposure discovery, with governance recommendations for what is found.
  • Use case: OSINT on a public GitHub org to assess external supply-chain risk and prioritize remediation.
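The workflow review feature in the list, as an added example rather than the skill's own code: a line-based scan of a constructed GitHub Actions workflow that flags untrusted event data interpolated into `run:` steps, a `pull_request_target` trigger combined with a checkout of the pull request head, and actions pinned to mutable refs. The workflow text, the `UNTRUSTED_PREFIXES` list and the placeholder commit SHA are constructed for the example; the scan is a heuristic over the YAML text, not a full parse.

```python
"""Heuristic review of a GitHub Actions workflow for supply-chain weaknesses.
Added example, not the skill's code. Line-based so it needs no YAML library."""
import re

# Expression contexts an outside contributor controls (constructed from the
# usual untrusted-input list; not exhaustive).
UNTRUSTED_PREFIXES = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.event.review_comment.body", "github.event.head_commit.message",
    "github.event.commits", "github.head_ref",
)
EXPR = re.compile(r"\$\{\{\s*(.+?)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
PRT_TRIGGER = re.compile(r"(?m)^\s*pull_request_target\s*:|^on:.*\bpull_request_target\b")
HEAD_CHECKOUT = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)")
USES = re.compile(r"uses:\s*([\w.-]+/[\w./-]+)@(\S+)")
SHA40 = re.compile(r"^[0-9a-f]{40}$")


def run_blocks(lines):
    """Yield (first_body_line_no, body_text) for every run: step. Covers the
    inline form and |/> block scalars, whose body is every following line
    indented deeper than the run: key."""
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")
        value = m.group(3).strip()
        if value[:1] in ("|", ">"):
            body, j = [], i + 1
            while j < len(lines):
                line = lines[j]
                if line.strip() and len(line) - len(line.lstrip()) <= key_col:
                    break
                body.append(line)
                j += 1
            yield i + 2, "\n".join(body)   # 1-based number of the first body line
            i = j
        else:
            yield i + 1, value
            i += 1


def review(workflow_text):
    """Return a list of {category, line, detail} findings (1-based lines)."""
    lines = workflow_text.splitlines()
    findings = []
    for start, body in run_blocks(lines):
        for k, line in enumerate(body.splitlines()):
            for expr in EXPR.findall(line):
                if expr.startswith(UNTRUSTED_PREFIXES):
                    findings.append({"category": "script-injection", "line": start + k,
                                     "detail": f"${{{{ {expr} }}}} is interpolated into a "
                                               "run: step; pass it via env: and reference "
                                               "the shell variable instead"})
    if PRT_TRIGGER.search(workflow_text):
        for n, line in enumerate(lines, 1):
            if HEAD_CHECKOUT.search(line):
                findings.append({"category": "pull-request-target-checkout", "line": n,
                                 "detail": "pull_request_target runs with repository secrets "
                                           "and a write token, yet this step checks out the "
                                           "untrusted PR head"})
    for n, line in enumerate(lines, 1):
        m = USES.search(line)
        if m and not SHA40.match(m.group(2)):
            findings.append({"category": "unpinned-action", "line": n,
                             "detail": f"{m.group(1)}@{m.group(2)} is a mutable ref; "
                                       "pin to a full commit SHA"})
    return findings


# Constructed vulnerable workflow.
WORKFLOW = """\
name: triage
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Greet
        run: |
          echo "Reviewing ${{ github.event.pull_request.title }}"
          ./scripts/lint.sh
      - name: Safe variant
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "Reviewing $TITLE"
      - uses: some-org/helper-action@main
"""

# Constructed hardened counterpart; the 40-hex SHA is a placeholder, not a real commit.
HARDENED = """\
on: pull_request
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "Reviewing $TITLE"
"""

if __name__ == "__main__":
    for f in review(WORKFLOW):
        print(f"line {f['line']}: [{f['category']}] {f['detail']}")
```

The "Safe variant" step passes the same untrusted title through `env:` and is not reported, which is the fix the script-injection finding recommends; the hardened workflow produces no findings at all.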

Quick Start

Point the skill at a target's public GitHub org and registries to surface dependency-confusion and workflow risks.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: let Claude install it automatically. Copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: supply-chain-attack-recon
Download link: https://github.com/chatbotkit/rook/archive/main.zip#supply-chain-attack-recon

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
