preciousdust

axios-supply-chain-attack-check

by hometown · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
97
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install axios-supply-chain-attack-check
Description
Provides a quick 1-minute script to detect and handle malicious axios versions and backdoor dependencies in front-end projects.
README (SKILL.md)

Skill Instructions

Applicable scenarios

Applies to all front-end projects. When a front-end project's dependencies are found to contain a malicious axios version (1.14.1/0.30.4) or the [email protected] backdoor dependency, or when the development/build environment shows anomalous outbound connections or unknown script execution, run this skill immediately to carry out emergency response.

Emergency triage

Dependency version risk check and handling

Run the following command to check whether risky versions are present in the project's dependency tree:

bash ./scripts/check-axios-risk.sh

Usage Guidance
This script appears to do what it says, but it's intrusive: it will uninstall packages, remove node_modules and lockfiles, reinstall dependencies from the network, and delete specific files on the host. Before running: (1) review the script and its file-deletion list; (2) commit or back up your repository and lockfiles so you can revert; (3) consider running the detection lines manually first (npm list ...) to confirm findings; (4) run remediation in a safe environment (CI job, dev container, or isolated machine) if possible; (5) be aware npm install will contact the registry to download packages and that using axios@latest may update to a different minor/major version — verify compatibility. If you need reduced-risk diagnosis, run only the checks and review results before allowing automated remediation.
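For the reduced-risk diagnosis recommended above, here is an added example (not the skill's own script) that checks a project's package-lock.json offline for the indicators named on this page: the axios releases 1.14.1 and 0.30.4, and any occurrence of plain-crypto-js (the page does not state its exact version, so every occurrence is flagged). It touches no files and contacts no registry; the sample lockfile is constructed for illustration, and the lockfile layouts it assumes are npm's v1 nested tree and v2/v3 "packages" map.

```python
import json

# Indicators taken from this page. The malicious plain-crypto-js version is not
# stated, so any occurrence of the package is reported (assumption).
MALICIOUS_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
BACKDOOR_PACKAGES = {"plain-crypto-js"}

def iter_installed(lock: dict):
    """Yield (name, version) for every package recorded in a package-lock.json.
    Handles lockfileVersion 2/3 ("packages" keyed by install path, including
    nested node_modules copies) and the older v1 nested "dependencies" tree."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path == "":
                continue  # root project entry, not a dependency
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            yield path.rsplit("node_modules/", 1)[-1], meta.get("version", "")
        return
    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version", "")
            yield from walk(meta.get("dependencies", {}))
    yield from walk(lock.get("dependencies", {}))

def find_risky(lock: dict) -> list:
    """Return a sorted list of (name, version, reason); an empty list means clean."""
    findings = set()
    for name, version in iter_installed(lock):
        if name == "axios" and version in MALICIOUS_AXIOS_VERSIONS:
            findings.add((name, version, "known-malicious axios release"))
        if name in BACKDOOR_PACKAGES:
            findings.add((name, version, "backdoor dependency present"))
    return sorted(findings)

# Constructed sample (v3 layout): the top-level axios is fine, but a transitive
# copy nested under another package is malicious, and the backdoor is present.
SAMPLE_LOCK = json.loads("""{
 "lockfileVersion": 3,
 "packages": {
  "": {"name": "demo-app", "version": "0.1.0"},
  "node_modules/axios": {"version": "1.7.9"},
  "node_modules/some-widget": {"version": "2.0.0"},
  "node_modules/some-widget/node_modules/axios": {"version": "1.14.1"},
  "node_modules/plain-crypto-js": {"version": "0.0.0-constructed"}
 }
}""")

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python check_lock.py path/to/package-lock.json
        with open(sys.argv[1]) as f:
            SAMPLE_LOCK = json.load(f)
    for name, version, reason in find_risky(SAMPLE_LOCK):
        print(f"RISK: {name}@{version}: {reason}")
```

Nested copies matter because `npm list axios` at the top level can look clean while a transitive dependency pins its own malicious copy.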
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The script's checks (npm list axios, npm list plain-crypto-js) and remediation steps (npm uninstall, rm -rf node_modules and lockfiles, npm install, delete specific system files) directly support the stated goal of detecting and mitigating known axios/plain-crypto-js supply-chain compromises. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Instructions are narrowly scoped to run the included shell script, which inspects dependency trees and specific system paths. However, the script performs destructive actions (uninstalling packages, deleting node_modules and lockfiles, reinstalling from the network, and deleting filesystem paths like /Library/Caches/com.apple.act.mond and /tmp/ld.py). These are coherent with remediation but have side effects and require appropriate permissions and backups before running.
Install Mechanism
This is an instruction-only skill with no install spec; nothing is written to disk by an installer beyond the provided script. Low install-surface risk.
Credentials
No environment variables, credentials, or config paths are requested. The script uses npm and filesystem operations which are proportionate to checking and remediating a Node.js front-end project.
Persistence & Privilege
Skill does not request persistent/always-on presence and does not modify other skills or system-wide agent configs. It runs on-demand and requires no elevated platform privileges beyond what the user grants when executing the script.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install axios-supply-chain-attack-check
  3. After installation, invoke the skill by name or use /axios-supply-chain-attack-check
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of axios-supply-chain-attack-check.
- Provides a 1-minute rapid inspection script for detecting malicious axios versions (1.14.1/0.30.4) and related supply chain threats.
- Suitable for all frontend projects to quickly check dependency trees and handle emergencies.
Metadata
Slug axios-supply-chain-attack-check
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is axios-supply-chain-attack-check?

Provides a quick 1-minute script to detect and handle malicious axios versions and backdoor dependencies in front-end projects. It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.

How do I install axios-supply-chain-attack-check?

Run "/install axios-supply-chain-attack-check" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is axios-supply-chain-attack-check free?

Yes, axios-supply-chain-attack-check is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does axios-supply-chain-attack-check support?

axios-supply-chain-attack-check is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created axios-supply-chain-attack-check?

It is built and maintained by hometown (@preciousdust); the current version is v1.0.0.
