← Back to Skills Marketplace
ai-supply-chain-security
by
javamagong
· GitHub ↗
· v2.1.0
· MIT-0
94
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install ai-supply-chain-security
Description
Cross-platform AI security scanner detecting hooks risks, MCP server attacks, prompt injection, supply chain threats in npm, PyPI, Rust, and GitHub Actions c...
README (SKILL.md)
AI Supply Chain Security
Cross-platform AI Coding security scanner for OpenClaw and Claude Code, detecting hooks configuration risks, MCP server attacks, prompt injection, and supply chain attacks (npm/PyPI/Rust).
Skill Information
name: ai-supply-chain-security
version: 2.1.0
description: Cross-platform AI Coding security scanner - Detect hooks, MCP servers, prompt injection, supply chain attacks, lock file poisoning, and registry substitution attacks
author: JavaMaGong
platforms: [Windows, macOS, Linux]
category: security
Installation
OpenClaw
openclaw skills install ai-supply-chain-security
Manual Installation
# Clone repository
git clone https://github.com/javamagong/ai-supply-chain-security.git
# Run directly (no install script needed)
python ai-scanner.py --help
Core Features
1. AI Assistant Hooks Detection
| AI Assistant | Config File | Detection Content |
|---|---|---|
| Claude Code | .claude/settings.json |
hooks, MCP servers, permissions |
| Cursor | .cursorrules |
Prompt injection |
| Generic | CLAUDE.md |
Prompt injection attacks |
2. MCP Server Security Detection
Scans MCP server configurations for:
- Unverified server sources
- Excessive permission requests
- Suspicious environment variable access
3. Prompt Injection Detection
Detects suspicious patterns in CLAUDE.md and .cursorrules:
- Instruction override patterns (e.g., phrases attempting to clear previous context)
- Role hijacking attempts (e.g., claims to change AI identity)
- Fake urgency commands (e.g., URGENT override requests)
- Hidden Unicode characters (zero-width chars like U+200B, U+200C, U+200D)
- Base64 encoded hidden instructions
4. Supply Chain Security Detection
npm Packages:
- Known malicious packages (colors, coa, rc, etc.)
- Dangerous lifecycle scripts (postinstall, preinstall, prepare)
- Dependency confusion attacks
- Typosquatting (opeanai, litelm, etc.)
Python Packages:
- Malicious code in setup.py
- Suspicious pyproject.toml configurations
- Git URL dependencies with risks
- Dependency confusion attacks
Rust Crates:
- Build.rs malicious code
- Suspicious cargo.toml
5. Lock File Poisoning Detection
package-lock.json / yarn.lock:
- Non-official
resolvedURLs (CRITICAL) - Missing
integrityhashes (WARNING) - Cross-reference against known malicious package database
poetry.lock:
- Git-sourced dependencies
- Non-PyPI source URLs
- Known malicious package detection
Cargo.lock:
- Git+ source dependencies
- Non-crates.io registry sources
- Missing checksum detection
6. Registry Substitution Attack Detection
.npmrc:
- Global registry overrides pointing to non-official URLs (CRITICAL)
- Scoped registry redirects (@scope:registry)
- Hardcoded
_authTokenvalues (CRITICAL) always-auth=truecredential exposure
pip.conf / pip.ini:
- Non-official
index-url(CRITICAL) extra-index-urldependency confusion risk (WARNING)trusted-hostTLS bypass (WARNING)- Scans both project-level and global system config
7. GitHub Actions Security
- Unpinned Action versions (@main, @master, @HEAD)
- Secrets leakage to logs
- Dangerous pull_request_target triggers
8. Code Obfuscation Detection
- Hex-encoded malicious code
- Base64 hidden payloads
- Unicode homograph attacks
CLI Usage
Basic Scan
# Scan current directory
python ai_scanner.py
# Scan specific directory
python ai_scanner.py -d /path/to/project
# Full scan with node_modules
python ai_scanner.py -d /path/to/project --full
Auto-Discovery Scan
# Scan all projects under directory
python auto_scanner.py -d /path/to/projects
# Scan with specific severity filter
python auto_scanner.py -d /path/to/projects --severity critical
Output Formats
# Text output (default)
python ai_scanner.py -f text
# JSON output
python ai_scanner.py -f json -o report.json
# Markdown report
python ai_scanner.py -f markdown -o report.md
Configuration
Edit config.yaml:
scan_paths:
- "./"
- "../projects"
notification:
webhook:
enabled: false
url: "${SECURITY_WEBHOOK_URL}"
email:
enabled: false
smtp_host: "${SMTP_HOST}"
smtp_port: 587
from: "${SMTP_FROM}"
to: "${SMTP_TO}"
password: "${SMTP_PASSWORD}"
severity_threshold: "medium"
auto_fix: false
Detection Rules
Known Malicious npm Packages
- colors (>=1.4.0)
- coa (>=2.0.0)
- rc (>=1.3.0)
- And 30+ more...
AI Ecosystem Typosquatting Targets
- openai / opeanai
- anthropic / anthorpic
- litellm / litelm
- langchain / langchn
Dangerous Patterns
- Hidden Unicode: zero-width chars in filenames/code
- Suspicious base64: encoded shell commands
- Malicious setup.py: exec() calls, network requests
CI/CD Integration
GitHub Actions
- name: Security Scan
uses: actions/checkout@v3
- name: Run AI Security Scanner
run: |
pip install -r requirements.txt
python ai_scanner.py -d . -f json -o security-report.json
- name: Upload Report
uses: actions/upload-artifact@v3
with:
name: security-report
path: security-report.json
Pre-commit Hook
repos:
- repo: local
hooks:
- id: ai-security-scan
name: AI Security Scanner
entry: python ai_scanner.py -d .
language: system
pass_filenames: false
Requirements
- Python 3.8+
- See
requirements.txtfor dependencies
License
MIT-0 - See LICENSE file
Author
JavaMaGong - https://github.com/javamagong
Changelog
See CHANGELOG.md for version history
Usage Guidance
This package appears to be a legitimate local security scanner whose behavior matches its description. Before installing or running it: 1) verify the upstream source (SKILL.md references a GitHub repo but registry metadata lacks a homepage); 2) run it on directories you control (don’t point it at system/root paths unless you intend to scan them); 3) keep notification/webhook/email settings disabled unless you trust the destination (reports may contain detected secrets/config snippets); 4) review config.yaml to restrict scan_paths, exclusions, and max depth; and 5) if you want stronger assurance, inspect the full auto_scanner.py and any truncated files for network/send logic (requests or socket usage) before enabling notifications or running it on sensitive codebases.
Capability Analysis
Type: OpenClaw Skill
Name: ai-supply-chain-security
Version: 2.1.0
The bundle is a comprehensive security scanner designed to detect supply chain attacks, malicious AI assistant hooks (e.g., Claude Code, Cursor), and prompt injection. The core logic in 'ai_scanner.py' and 'auto_scanner.py' uses extensive regex-based rules and a database of known malicious packages to audit local project files for risks like typosquatting, dependency confusion, and dangerous lifecycle scripts. While the code contains many 'dangerous' patterns (e.g., 'curl | bash', 'rm -rf'), they are used strictly for detection purposes. No evidence of data exfiltration, unauthorized remote control, or malicious intent was found; the tool's behavior is entirely consistent with its stated purpose.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (AI supply‑chain & prompt/hooks scanner) match the shipped files and detection rules. The project contains Python/JS/sh scripts that implement the described scanning capabilities (MCP/hook detection, prompt injection, npm/PyPI/Cargo checks, lockfile checks, GitHub Actions analysis). No unrelated credentials or binaries are required by the skill metadata.
Instruction Scope
SKILL.md and CLI instruct the agent or user to scan directories (current dir or specified path). The scanner also advertises scanning project-level and global config files (e.g., ~/.npmrc, pip config) and can search home/work directories per config — this is coherent with its purpose but means it will read potentially sensitive local files (configs, lockfiles, project files). Instructions do not tell the agent to send data off‑host by default; webhook/email notification hooks are present but disabled by default in config.yaml.
Install Mechanism
No formal install spec is declared; SKILL.md shows manual installation via git clone or running included Python scripts. The SKILL.md references a GitHub repo (github.com/javamagong/...), but registry metadata lists source/homepage as unknown/missing — a minor inconsistency worth verifying before cloning. There are no remote downloads or archive extracts performed by the provided scripts themselves.
Credentials
The skill declares no required environment variables or primary credentials. Optional configuration supports webhooks and SMTP using environment variables if the user enables notifications; those are optional and not required at runtime. The scanner's detection rules look for references to many common secret names (AWS, OPENAI, etc.) — that's detection logic, not credential usage or exfiltration.
Persistence & Privilege
The skill does not request always:true and does not attempt to alter other skills or system-wide agent settings. It contains CLI/CI integration examples and a pre-commit hook snippet (local usage) but no code that would autonomously persist or escalate privileges. Running the scanner with elevated privileges would expose more files to scanning, but that is user-controlled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ai-supply-chain-security - After installation, invoke the skill by name or use
/ai-supply-chain-security - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
**ai-supply-chain-security v2.1.0**
- Added comprehensive lock file poisoning detection (package-lock.json, poetry.lock, Cargo.lock) for non-official sources and missing integrity.
- Introduced registry substitution attack checks for .npmrc, pip.conf, and pip.ini including hardcoded tokens and index/registry overrides.
- Enhanced supply chain security scanning with updated malicious package database and typosquatting coverage.
- Added sample detection examples (`examples/malicious-package.json`, `examples/safe-package.json`).
- Unified documentation and changelog under new files; removed legacy meta file.
v1.0.0
ai-supply-chain-security v1.0.0
- Initial release of a cross-platform AI Coding security scanner for OpenClaw and Claude Code.
- Detects risks in hooks configuration, MCP server attacks, prompt injection, and supply chain attacks for npm, PyPI, and Rust.
- Core features: AI assistant hooks analysis, supply chain threat detection, MCP server security checks, prompt injection protection, GitHub Actions security, and code obfuscation identification.
- Supports multiple installation methods and output formats, including CI/CD integrations and customizable configuration.
- Built-in detection against known malicious packages and common typo-squat attacks in the AI ecosystem.
Metadata
Frequently Asked Questions
What is ai-supply-chain-security?
Cross-platform AI security scanner detecting hooks risks, MCP server attacks, prompt injection, supply chain threats in npm, PyPI, Rust, and GitHub Actions c... It is an AI Agent Skill for Claude Code / OpenClaw, with 94 downloads so far.
How do I install ai-supply-chain-security?
Run "/install ai-supply-chain-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ai-supply-chain-security free?
Yes, ai-supply-chain-security is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ai-supply-chain-security support?
ai-supply-chain-security is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ai-supply-chain-security?
It is built and maintained by javamagong (@javamagong); the current version is v2.1.0.
More Skills