From attach-guard
Evaluates npm/pnpm package supply-chain risk scores, alerts, and version history using attach-guard. Useful for safety checks or investigating blocked installs.
npx claudepluginhub attach-dev/attach-guard --plugin attach-guard
This skill is limited to using the following tools:
When a user asks about the safety or risk profile of an npm/pnpm package, or when attach-guard has blocked or flagged an install, use this skill to provide detailed information.
Run the attach-guard evaluate command via the plugin wrapper:
"${CLAUDE_PLUGIN_ROOT}/hooks/bootstrap.sh" evaluate npm install $ARGUMENTS
If no package name was provided as an argument, ask the user which package they want to look up.
This returns JSON with an install decision of allow, ask, or deny.
After running the command, explain the results to the user in plain language:
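The procedure above substitutes free-form user input ($ARGUMENTS) into a shell command line, so a wrapper should check that the argument is a plain npm package spec before handing it to the evaluate command. The following POSIX shell script is an added example, not attach-guard's own code: it validates the package name, refuses anything that could be parsed as an extra option, and classifies the returned verdict. It assumes the JSON carries the verdict in a field named decision (an assumption; the real field name is not given on this page), and the sample JSON used at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Added example wrapper around the attach-guard evaluate command.
# Not part of attach-guard; field name "decision" is an assumption.

# Accept only a plain npm package spec: optional @scope/, a name,
# optional @version. Reject empty input and anything starting with "-",
# which would otherwise be handed to "npm install" as an option.
valid_package_name() {
  case "${1-}" in
    "") return 1 ;;
    -*) return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^(@[a-z0-9._-]+/)?[a-z0-9._-]+(@[^ /]+)?$'
}

# Pull the verdict out of the JSON result (assumed field name "decision").
verdict_of() {
  printf '%s' "${1-}" |
    sed -n 's/.*"decision"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p'
}

# Plain-language explanation of the three verdicts. Anything else is
# treated as deny so a malformed result never reads as a pass.
explain_verdict() {
  case "${1-}" in
    allow) echo "allow: no blocking risk signals; the install may proceed" ;;
    ask)   echo "ask: risk signals need a human decision before installing" ;;
    deny)  echo "deny: attach-guard blocked the install; review the alerts" ;;
    *)     echo "unknown verdict '${1-}'; treating it as deny"; return 1 ;;
  esac
}

# Validate, then run the plugin wrapper exactly as the skill does, with the
# package passed as a single quoted argument rather than unquoted text.
run_evaluate() {
  pkg="${1-}"
  if ! valid_package_name "$pkg"; then
    echo "refusing to evaluate '$pkg': not a plain npm package spec" >&2
    return 2
  fi
  "${CLAUDE_PLUGIN_ROOT:?set CLAUDE_PLUGIN_ROOT to the plugin directory}/hooks/bootstrap.sh" \
    evaluate npm install "$pkg"
}

# Constructed sample result, standing in for real attach-guard output.
SAMPLE_RESULT='{"decision":"deny","package":"example-pkg","alerts":["install script"]}'
```

Usage: `result=$(run_evaluate "$pkg") && explain_verdict "$(verdict_of "$result")"`. Quoting "$pkg" as one argument and rejecting leading dashes is what keeps a user-supplied string such as "lodash --ignore-scripts" from changing the npm invocation.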