supply-chain-security-reviewer
CommunityExpose supply-chain risks before they ship.
Authornguyenpv1980-wq
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps you assess whether software can be compromised through its dependencies, build process, or CI/CD pipeline, rather than only through first-party code vulnerabilities.
Core Features & Use Cases
- Dependency Risk Review: Triage lockfiles and scanner output by reachability, so reachable issues are separated from latent or irrelevant findings.
- Build and CI Security Review: Inspect install scripts, postinstall hooks, GitHub Actions, and other pipeline steps for untrusted triggers, secret exposure, and unpinned third-party actions.
- Provenance and Pinning Checks: Evaluate whether packages, artifacts, models, datasets, and agentic components are pinned, sourced safely, and accompanied by trustworthy integrity signals.
- Use Case: A team preparing to publish a repository can use this Skill to identify the dependency, workflow, or artifact paths that could lead to code execution or secret theft.
Quick Start
Ask the supply-chain security reviewer to inspect the repository’s lockfiles, install scripts, and CI workflows for reachable compromise paths and concrete remediation steps.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-security-reviewer Download link: https://github.com/nguyenpv1980-wq/Project-Aegis/archive/main.zip#supply-chain-security-reviewer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.