supply-chain-guard
Detect and remediate supply-chain attacks in npm, PyPI, crates.io, and CI/CD.
๐ก๏ธ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for supply-chain-guard, derived from its capabilities.
AIVSS 9.2 ยท Critical
View MAESTRO 7-layer threat model โOverview
An Agent Skill (author dan-avila) that scans npm, PyPI, crates.io, GitHub Actions, and CI/CD pipelines for known compromised packages, malicious versions, filesystem IOCs, C2 indicators, and CI/CD misconfigurations, then remediates. It ships a real-world IOC database (dated 2026-03-31) the agent matches against dependency trees.
Key features
- Known-compromised package detection
- Filesystem IOC and C2 indicator scanning
- CI/CD misconfiguration remediation
Use cases
- Auditing dependencies for supply-chain attacks
- Hardening CI/CD against compromise