agent-infra-security
By makash
Respond to supply chain security incidents across npm, PyPI, GitHub Actions, AWS, GCP, Azure, and multi-language projects by generating interactive triage checklists, incident runbooks, shell scripts for credential rotation, IOC detection in logs, exposure audits, remediation, and dependency hardening with pinning, SBOM, and signing.
npx claudepluginhub makash/agent-infra-security --plugin agent-infra-securityComponent Overview
Component Details
Skills (6)
Detect whether stolen credentials were used and rotate them after a supply chain attack or security incident. Use this skill when credentials may have been exfiltrated and the user needs to determine if they were abused, rotate compromised credentials, or verify rotation completeness. Trigger when users ask about checking cloud audit logs after a compromise, detecting unauthorized credential use, finding lateral movement from stolen tokens, rotating credentials after an incident, auditing API key usage, or verifying that credential rotation was complete. Also trigger when an ecosystem-specific skill (pypi-supply-chain-response, npm-supply-chain-response, github-actions-supply-chain-response) hands off credential rotation to this skill. Works as a follow-up to any incident response skill or standalone for credential-focused incidents.
Respond to compromised GitHub Actions where tags have been overwritten with malicious code. Use this skill when a GitHub Action is reported compromised, when CI/CD secrets may have been exfiltrated through a poisoned action, when someone mentions Trivy, Checkmarx KICS, or any GitHub Action being backdoored, hacked, or tampered with. Also trigger when users ask about checking workflow run logs for exfiltration indicators, rotating CI secrets after a GitHub Actions compromise, or auditing GitHub Actions references across their organization.
Respond to npm supply chain attacks and compromised package incidents. Use this skill whenever a user mentions a compromised npm package, an npm supply chain attack, a malicious dependency in node_modules, credential-stealing malware from npm install, or asks how to check if they're affected by a package compromise on npm. Also trigger when the user asks about postinstall script backdoors, typosquatted npm packages, hunting for IOCs after an npm install, auditing node environments for malicious packages, or generating an incident response checklist for an npm compromise. Trigger even if the user just names a package and says it was "hacked", "backdoored", "compromised", or "pwned" and the package is from npm, yarn, or pnpm. Covers axios, plain-crypto-js, and any future npm supply chain incident.
Respond to Python/PyPI supply chain attacks and compromised package incidents. Use this skill whenever a user mentions a compromised Python package, a PyPI supply chain attack, a malicious dependency, credential-stealing malware in a pip package, or asks how to check if they're affected by a package compromise. Also trigger when the user asks about rotating credentials after a Python package incident, finding transitive dependencies, hunting for IOCs from a pip install, auditing Python environments for malicious packages, or generating an incident response checklist for a PyPI compromise. Trigger even if the user just names a package and says it was "hacked", "backdoored", "compromised", or "pwned".
Proactively audit and harden dependency management against supply chain attacks. Use this skill when a user asks about securing their dependencies, hardening their CI/CD pipeline against supply chain attacks, auditing their lockfiles or dependency pins, setting up SBOM generation, implementing dependency signing or provenance verification, or preventing the next supply chain compromise. Also trigger proactively when reviewing dependency configuration files (package.json, requirements.txt, Gemfile, go.mod, Cargo.toml, pom.xml) and noticing risky patterns like unpinned versions, missing lockfiles, or postinstall scripts. This skill is preventive — for active incident response, use the ecosystem-specific skills instead.
Investigate whether a project, environment, container, or CI pipeline is affected by a dependency supply chain incident across any ecosystem. Use this skill when the user mentions a compromised package and the ecosystem is NOT npm/Node.js, NOT Python/PyPI, and NOT GitHub Actions — those have dedicated skills (npm-supply-chain-response, pypi-supply-chain-response, github-actions-supply-chain-response). Use this skill for Go, Rust, Ruby, Java/Maven, .NET/NuGet, Docker, or when the ecosystem is unknown or spans multiple ecosystems. Also use when the user asks a general "am I affected?" question without specifying an ecosystem.
README
Similar Plugins
repo-forensics
Auto-scan repositories and packages for security threats on install/clone
Help us improve
Share bugs, ideas, or general feedback.