supply-chain-security-reviewer

Community

Expose supply-chain risks before they ship.

Authornguyenpv1980-wq
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps you assess whether software can be compromised through its dependencies, build process, or CI/CD pipeline, rather than only through first-party code vulnerabilities.

Core Features & Use Cases

  • Dependency Risk Review: Triage lockfiles and scanner output by reachability, so reachable issues are separated from latent or irrelevant findings.
  • Build and CI Security Review: Inspect install scripts, postinstall hooks, GitHub Actions, and other pipeline steps for untrusted triggers, secret exposure, and unpinned third-party actions.
  • Provenance and Pinning Checks: Evaluate whether packages, artifacts, models, datasets, and agentic components are pinned, sourced safely, and accompanied by trustworthy integrity signals.
  • Use Case: A team preparing to publish a repository can use this Skill to identify the dependency, workflow, or artifact paths that could lead to code execution or secret theft.

Quick Start

Ask the supply-chain security reviewer to inspect the repository’s lockfiles, install scripts, and CI workflows for reachable compromise paths and concrete remediation steps.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: supply-chain-security-reviewer
Download link: https://github.com/nguyenpv1980-wq/Project-Aegis/archive/main.zip#supply-chain-security-reviewer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 545,000+ vetted skills library on demand.