From agent-infra-security
Investigates supply chain compromises in Go, Rust, Ruby, Java, .NET, Docker projects or unknown/multi-ecosystems by checking manifests, lockfiles, and environments.
Slash command: /agent-infra-security:supply-chain-security-check
Skill listing summary (used to decide when to auto-load this skill): Generic incident response for supply chain compromises across any package ecosystem.
Routing note: If the compromised package is from npm/Node.js, Python/PyPI, or GitHub Actions, use the dedicated ecosystem skill instead — they have deeper IOC libraries, ecosystem-specific forensics, and tailored detection commands. This skill covers Go, Rust, Ruby, Java, .NET, Docker, multi-ecosystem incidents, and any ecosystem without a dedicated skill.
Collect from the user before starting. Don't re-ask for information already provided.
Required:
Helpful but not required:
Collect:
Search lockfiles and dependency manifests using the ecosystem-appropriate files:
| Ecosystem | Manifest files | Lockfiles |
|---|---|---|
| Go | go.mod | go.sum |
| Rust | Cargo.toml | Cargo.lock |
| Ruby | Gemfile | Gemfile.lock |
| Java | pom.xml, build.gradle, build.gradle.kts | — |
| .NET | *.csproj, *.fsproj, packages.config | packages.lock.json |
| Docker | Dockerfile, docker-compose.yml | — |
| Python | requirements*.txt, pyproject.toml, Pipfile | poetry.lock, uv.lock, Pipfile.lock |
| Node | package.json | package-lock.json, yarn.lock, pnpm-lock.yaml |
Also search:
- CI pipeline definitions (.github/workflows/, .gitlab-ci.yml, Jenkinsfile)

```bash
# Generic search across all file types
rg -n "<PACKAGE>" .
# Restrict to manifests and lockfiles; -print0 / xargs -0 keeps paths with spaces intact
find . \( -name "*.lock" -o -name "*.toml" -o -name "*.mod" -o -name "Gemfile*" -o -name "pom.xml" -o -name "*.gradle" -o -name "*.csproj" \) -print0 | xargs -0 grep -l "<PACKAGE>" 2>/dev/null
```
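Added example, not part of this skill or the plugin: a Python checker that parses the Go, Rust and Ruby lockfiles from the table above and reports which pins of a package fall in a known-bad version set, so the "am I affected?" question is answered from the lockfile rather than by eye. Lockfile contents, module, crate and gem names are constructed placeholders.

```python
import re
from pathlib import Path

# Constructed lockfile contents; module, crate and gem names are placeholders, not real IOCs.
SAMPLES = {
    "go.sum": (
        "github.com/example/pkg v1.2.3 h1:AAAA=\n"
        "github.com/example/pkg v1.2.3/go.mod h1:BBBB=\n"
        "golang.org/x/text v0.3.0 h1:CCCC=\n"
    ),
    "Cargo.lock": (
        '[[package]]\nname = "example-pkg"\nversion = "0.9.1"\n\n'
        '[[package]]\nname = "serde"\nversion = "1.0.200"\n'
    ),
    "Gemfile.lock": (
        "GEM\n  remote: https://rubygems.org/\n  specs:\n"
        "    example-gem (2.0.0)\n      rake (>= 12)\n    rake (13.0.6)\n"
    ),
}

def parse_lockfile(path: str, text: str) -> set[tuple[str, str]]:
    """Return every (package, resolved version) pair recorded in one lockfile."""
    name = Path(path).name
    found = set()
    if name == "go.sum":
        # go.sum records two hashes per module version; strip "/go.mod" so both map to one pin
        for line in text.splitlines():
            parts = line.split()
            if len(parts) >= 2:
                found.add((parts[0], parts[1].removesuffix("/go.mod")))
    elif name == "Cargo.lock":
        for m in re.finditer(r'^name = "([^"]+)"\nversion = "([^"]+)"', text, re.M):
            found.add((m.group(1), m.group(2)))
    elif name == "Gemfile.lock":
        # resolved gems sit at exactly four spaces of indent as "name (version)"; deeper lines are constraints
        for m in re.finditer(r"^    (\S+) \(([^)]+)\)$", text, re.M):
            found.add((m.group(1), m.group(2)))
    return found

def affected_pins(lockfiles: dict[str, str], package: str, bad_versions: set[str]) -> list[tuple[str, str]]:
    """Return (lockfile, version) for every pin of `package` that is in the known-bad set."""
    return sorted((path, ver) for path, text in lockfiles.items()
                  for pkg, ver in parse_lockfile(path, text)
                  if pkg == package and ver in bad_versions)

def scan_checkout(root: str, package: str, bad_versions: set[str]) -> list[tuple[str, str]]:
    """Walk a checkout, vendored sub-projects included, and check every recognised lockfile."""
    files = {str(p): p.read_text() for p in Path(root).rglob("*")
             if p.name in ("go.sum", "Cargo.lock", "Gemfile.lock")}
    return affected_pins(files, package, bad_versions)
```

Go versions carry their `v` prefix in go.sum, so pass the known-bad set as `{"v1.2.3"}` for Go modules.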
Check the actual installed environment, not just source files.
| Ecosystem | Check installed version | Show dependency tree |
|---|---|---|
| Go | go list -m <PACKAGE> | go mod graph \| grep <PACKAGE> |
| Rust | cargo tree -p <PACKAGE> | cargo tree -i <PACKAGE> |
| Ruby | bundle show <PACKAGE> | bundle exec gem dependency <PACKAGE> --reverse-dependencies |
| Java (Maven) | mvn dependency:tree \| grep <PACKAGE> | mvn dependency:tree |
| Java (Gradle) | gradle dependencies \| grep <PACKAGE> | gradle dependencies |
| .NET | dotnet list package | dotnet list package --include-transitive |
| Docker | docker run --rm <IMAGE> <pkg_cmd> | Inspect image layers: docker history <IMAGE> |
| Python | pip show <PACKAGE> | pipdeptree -r -p <PACKAGE> |
| Node | npm ls <PACKAGE> | npm ls <PACKAGE> / yarn why <PACKAGE> |
Determine:
Look for:
- Install-time execution hooks (.pth files, npm postinstall, Ruby extconf.rb)

Credential access evidence:

```bash
# Credential stores read in the last day
find ~/.ssh ~/.aws ~/.config/gcloud ~/.kube -atime -1 2>/dev/null
stat ~/.ssh/id_rsa 2>/dev/null | grep Access
```

Process inspection:

```bash
ps aux | grep -v grep | grep -iE "<SUSPICIOUS_PATTERN>"
```

Network indicators:

```bash
ss -tnp 2>/dev/null | grep -i "<C2_DOMAIN>"
grep -rF "<C2_DOMAIN>" /var/log/ 2>/dev/null
```

Persistence checks:

```bash
# systemd user services
find ~/.config/systemd/user/ -name "*.service" -mtime -7 2>/dev/null
# Cron jobs
crontab -l 2>/dev/null
# Scripts in config directories
find ~/.config -name "*.py" -o -name "*.sh" -o -name "*.rb" | xargs ls -lt 2>/dev/null | head -20
```

Kubernetes (if applicable):

```bash
kubectl get pods -n kube-system --sort-by=.metadata.creationTimestamp
# any() reports each pod once even when several of its containers are privileged
kubectl get pods --all-namespaces -o json | jq -r '.items[] | select(any(.spec.containers[]; .securityContext.privileged == true)) | .metadata.namespace + "/" + .metadata.name'
kubectl get secrets --all-namespaces --sort-by=.metadata.creationTimestamp | tail -20
```
Classify each finding as:
If affected:
Credential rotation: Hand off to the credential-exfiltration-response skill for systematic rotation. Scope what credentials were accessible on the compromised system first:
```bash
# List credential files present
ls ~/.ssh/id_* ~/.aws/credentials ~/.config/gcloud/application_default_credentials.json ~/.kube/config ~/.npmrc ~/.pypirc ~/.docker/config.json 2>/dev/null
# Find .env secrets to rotate (variable names only, never print the values)
find . -name ".env*" -exec grep -h "KEY\|SECRET\|TOKEN\|PASSWORD\|CREDENTIAL" {} \; | cut -d= -f1 | sort -u
```
Tell the credential skill which types were accessible, the attack window, and whether IOCs suggest active credential use.
Pin exact versions in dependency files — never use range specifiers for critical dependencies.
| Ecosystem | Pin syntax | Lockfile with hashes |
|---|---|---|
| Go | go get <PACKAGE>@v1.2.3 | go.sum (automatic) |
| Rust | <PACKAGE> = "=1.2.3" in Cargo.toml | Cargo.lock (automatic) |
| Ruby | gem '<PACKAGE>', '1.2.3' | Gemfile.lock (automatic) |
| Java | <version>1.2.3</version> (no ranges) | — |
| .NET | Version="1.2.3" (no wildcards) | packages.lock.json |
| Python | <PACKAGE>==1.2.3 | pip-compile --generate-hashes |
| Node | npm install --save-exact | npm ci (lockfile-only) |
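Added example, not part of this skill or the plugin: a Python checker that flags dependencies declared with ranges, wildcards or no constraint instead of the exact pin syntax from the table above, for Cargo.toml, Gemfile, requirements files, .csproj/.fsproj and pom.xml (go.mod always records an exact version, so Go needs no check). The manifest snippets are constructed, and the .csproj rule assumes `Include` precedes `Version` on the same line.

```python
import re

# Constructed manifest snippets (not from any real project) mixing exact pins with ranges.
MANIFESTS = {
    "Cargo.toml": 'serde = "=1.0.200"\nregex = "1.10"\ntokio = { version = "^1.37", features = ["full"] }\n',
    "Gemfile": "gem 'rake', '13.0.6'\ngem 'nokogiri', '~> 1.16'\ngem 'rails'\n",
    "requirements.txt": "requests==2.32.3\nurllib3>=2.0\npyyaml\n",
    "app.csproj": '<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />\n'
                  '<PackageReference Include="Serilog" Version="3.*" />\n',
    "pom.xml": "<artifactId>guava</artifactId><version>33.0.0-jre</version>\n"
               "<artifactId>commons-io</artifactId><version>[2.11,)</version>\n",
}

# An exact version is digits and dots plus an optional pre-release/build tag, nothing else.
EXACT = re.compile(r"^\d+(\.\d+)*([-+][0-9A-Za-z.]+)?$")

# Per ecosystem: file-name test, regex capturing (dependency, specifier), normaliser giving the pinned version or None.
RULES = [
    # bare "1.10" means ^1.10 in Cargo; only the "=" prefix is an exact pin
    (lambda n: n == "Cargo.toml",
     r'^(\w[\w-]*)\s*=\s*(?:"([^"]*)"|\{[^}]*version\s*=\s*"([^"]*)")',
     lambda s: s[1:] if s.startswith("=") else None),
    # Gemfile: '~> 1.16' or a missing constraint is not a pin
    (lambda n: n == "Gemfile", r"^gem\s+'([^']+)'(?:,\s*'([^']*)')?", lambda s: s),
    # requirements: only == pins; >=, ~= and bare names do not
    (lambda n: n.startswith("requirements"), r"^([A-Za-z0-9_.-]+)[ \t]*(\S*)",
     lambda s: s[2:] if s.startswith("==") else None),
    # .NET: "3.*" wildcards fail EXACT
    (lambda n: n.endswith((".csproj", ".fsproj")), r'Include="([^"]+)"\s+Version="([^"]*)"', lambda s: s),
    # Maven: "[2.11,)" ranges fail EXACT
    (lambda n: n == "pom.xml", r"<artifactId>([^<]+)</artifactId><version>([^<]*)</version>", lambda s: s),
]

def unpinned(filename: str, text: str) -> list[tuple[str, str]]:
    """Return (dependency, specifier) pairs in one manifest that are not exact pins."""
    name = filename.rsplit("/", 1)[-1]
    for matches, pattern, normalise in RULES:
        if not matches(name):
            continue
        hits = []
        for m in re.finditer(pattern, text, re.M):
            spec = next((g for g in m.groups()[1:] if g is not None), "")
            version = normalise(spec)
            if version is None or not EXACT.match(version):
                hits.append((m.group(1), spec))
        return hits
    return []  # manifest type not covered by the table above

def audit(manifests: dict[str, str]) -> dict[str, list[tuple[str, str]]]:
    """Audit every manifest and keep only the files that still carry unpinned dependencies."""
    return {n: h for n, t in manifests.items() if (h := unpinned(n, t))}
```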
Generate an SBOM so you can answer "am I affected?" in seconds next time.
Scope secrets in CI/CD — pass secrets only to the specific step that needs them.
State whether the project, image, runner, or host appears affected.
For each repo, environment, image, or host:
- credential-exfiltration-response

List what still cannot be proven from available evidence.
See the credential-exfiltration-response skill for the full detect/rotate/verify lifecycle.