supply-chain-investigation
Use when investigating a published supply-chain attack on a registry package (npm, Maven, PyPI, Go, Gradle) — advisory-driven org-wide audit. Triggers on attack-language ("compromised", "malicious", "hijacked", "backdoored", "typosquatted"). NOT for routine CVE scanning — that routes to security-scanner.
Best use case
supply-chain-investigation is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when investigating a published supply-chain attack on a registry package (npm, Maven, PyPI, Go, Gradle) — advisory-driven org-wide audit. Triggers on attack-language ("compromised", "malicious", "hijacked", "backdoored", "typosquatted"). NOT for routine CVE scanning — that routes to security-scanner.
Teams using supply-chain-investigation should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/supply-chain-investigation/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How supply-chain-investigation Compares
| Feature / Agent | supply-chain-investigation | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when investigating a published supply-chain attack on a registry package (npm, Maven, PyPI, Go, Gradle) — advisory-driven org-wide audit. Triggers on attack-language ("compromised", "malicious", "hijacked", "backdoored", "typosquatted"). NOT for routine CVE scanning — that routes to security-scanner.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Supply-Chain Attack Investigation Orchestrated workflow for determining whether a published supply-chain attack affects your GitHub organization. Uses `gh` CLI only — no new tool dependencies. ## When to Use | Use this skill | Use `security-scanner` instead | |----------------|-------------------------------| | Published advisory: "X@1.14.1 contains a RAT dropper" | Routine REVIEW phase scan for outdated deps | | News: "Y package was hijacked" | Generic CVE question: "is CVE-NNNN exploitable?" | | Investigating org-wide blast radius | Scanning current repo's SBOM | | Need pin-tightness verdict per repo | Need install-time vulnerability list | | Need CI log forensics since timestamp T | Need a fresh SAST report | If both fit, the trigger discriminator in `config/default-triggers.json` will route to whichever has stronger signal. When in doubt, start with this skill — it falls back to recommending `security-scanner` for non-attack scenarios. ## Workflow ### Step 1 — PARSE Accept advisory input from the user. Supported shapes: - Advisory URL (GHSA-XXXX, PyPA, GitHub Security Advisories) - Plain text describing the attack - News article link Extract and present to user for confirmation: | Field | Source | |-------|--------| | Package name | URL path, advisory body, or user prompt | | Ecosystem | npm / Maven / PyPI / Go / Gradle | | Compromised versions | Advisory body | | Last-known-good version | Advisory body or registry | | Publish timestamp (UTC) | Advisory metadata | | IOCs | Malicious transitive deps, exfil domains, file paths from advisory | If the user provides only a package name without an advisory, ask once for the compromised version range before proceeding. Don't guess. ### Step 2 — ORG SCAN Search every repo in the target org for manifests/lockfiles containing the package. Ecosystem-specific commands documented in `references/ecosystem-patterns.md`. High-level shape: ```bash gh search code --owner <ORG> "<package>" --filename package.json --json repository,path -L 100 gh search code --owner <ORG> "<package>" --filename package-lock.json --json repository,path -L 100 # ... (per ecosystem — see references/ecosystem-patterns.md) ``` **Handle false positives.** Substring matches will surface — e.g., searching `axios` matches `gaxios`. Verify each hit against the actual dependency tree, not just text presence. ### Step 3 — PIN AUDIT For each hit, download the manifest/lockfile and classify pin tightness: | Class | Example | Risk | |-------|---------|------| | **Exact pin** | `"axios": "1.14.0"` (npm), `==1.14.0` (Python) | Safe IF version is not in compromised range | | **Range** | `"axios": "^1.13.5"` (npm), `>=1.0,<2.0` (Python), `[1.0,2.0)` (Maven) | Risky — may resolve to compromised version | | **Unpinned** | `"axios": "*"`, `requests` (no version) | Highest risk — always latest | | **SNAPSHOT / dynamic** | `1.+` (Gradle), `*-SNAPSHOT` (Maven) | Always risky | Read lockfile (if present) to extract the resolved version. Per-ecosystem patterns in `references/ecosystem-patterns.md`. ```bash gh api repos/<ORG>/<REPO>/contents/<PATH> --jq '.content' | base64 -d ``` For large files (>1MB), use git blob API: ```bash SHA=$(gh api repos/<ORG>/<REPO>/contents/<PATH> --jq '.sha') gh api "repos/<ORG>/<REPO>/git/blobs/$SHA" --jq '.content' | base64 -d ``` ### Step 4 — CI RISK Read each affected repo's CI configuration (`.github/workflows/*.yml`, `Dockerfile`, `Makefile`, `cloudbuild.yaml`, `Jenkinsfile`). Classify the dependency install command: | Ecosystem | Safe (respects pins/locks) | Risky (may resolve newer) | |-----------|--------------------------|---------------------------| | npm | `npm ci` | `npm install`, `npm update` | | yarn | `yarn install --frozen-lockfile` | `yarn install`, `yarn upgrade` | | pnpm | `pnpm install --frozen-lockfile` | `pnpm install`, `pnpm update` | | Maven | Pinned versions + enforcer plugin | Version ranges, SNAPSHOT, `mvn versions:use-latest-releases` | | Gradle | Dependency locking enabled | Dynamic versions (`1.+`) | | pip | `pip install -r requirements.txt` with `==` pins, `--require-hashes` | Unpinned, `--upgrade` | | Poetry | `poetry install --no-update` | `poetry update`, `poetry install` without lock | | Pipenv | `pipenv install --deploy` | `pipenv install`, `pipenv update` | Also flag absence of `--ignore-scripts` (npm) which would let postinstall hooks execute — many supply-chain payloads use this. ### Step 5 — LOG FORENSICS Critical step — many investigations skip this and miss historical resolution evidence. ```bash gh run list --repo <ORG>/<REPO> -L 100 --json databaseId,createdAt,conclusion,workflowName,displayTitle | \ jq --arg ts "<COMPROMISE_TIMESTAMP>" '[.[] | select(.createdAt >= $ts)]' ``` For each run since the compromise timestamp: ```bash gh run view <RUN_ID> --repo <ORG>/<REPO> --log 2>&1 | grep -iE "<compromised-version>|<malicious-dep>|<package>@" ``` Ecosystem-specific log patterns: - npm: `<package>@<version>` (e.g., `axios@1.14.1`), `added N packages` - Maven: `Downloading from.*<artifactId>.*<version>` - Python: `Successfully installed <package>-<version>`, `Downloading <package>-<version>` ### Step 6 — VERDICT Per-repo verdict scale: | Verdict | Criteria | |---------|----------| | **COMPROMISED** | Compromised version found in lockfile, CI logs, OR malicious transitive dep present | | **AT RISK** | No compromise evidence yet, but pinning OR CI command could allow resolution (range pin + risky install command) | | **SAFE WITH CAVEATS** | Pins/locks resolve to safe versions, but CI uses risky install commands that could bypass them | | **SAFE** | Dependencies pinned to safe versions AND CI uses pin-respecting commands | Org-wide rolls up to worst-case verdict. ## Output Format Present findings as: ```markdown ## Supply-Chain Investigation: <package> (<ecosystem>) ### Attack Summary - Package: <name> - Compromised versions: <range> - Safe version: <last-known-good> - Payload: <type — RAT / cryptominer / exfil / etc.> - Publish: <UTC timestamp> - Advisory: <URL> ### Affected Repos | Repo | Manifest | Declared | Resolved | Pin | CI Install | CI Logs | Verdict | |------|----------|----------|----------|-----|------------|---------|---------| | ... | ### CI Log Analysis - Total runs checked since compromise: N - Hits: M ### Overall Org Verdict <worst-case> ### Prioritized Remediation 1. **Immediate**: Pin/override to safe version, block IOC domains/IPs 2. **Short-term**: Switch CI to lock-respecting commands, add `--ignore-scripts` or `--require-hashes` 3. **Long-term**: Enforce lock-file commits, add dependency review workflows ``` If compromise is detected, recommend checking developer machines and CI runners for payload artifacts (IOC file paths, exfil domain DNS, suspicious processes). ## References - [Ecosystem-specific patterns](references/ecosystem-patterns.md) — manifest/lockfile/pin/CI-command reference per ecosystem - [OSV.dev](https://osv.dev) — aggregated open-source advisory database - [GitHub Security Advisories](https://github.com/advisories) — primary advisory source for org-wide context ## Related Skills - `security-scanner` — proactive SAST + CVE scan during REVIEW. Use it for routine vulnerability detection; this skill is for advisory-driven org audit. - `incident-analysis` — for production symptoms (latency spikes, crashes). Different trigger surface.
Related Skills
unified-context-stack
Tiered context retrieval across External Truth (docs), Internal Truth (dependencies), Historical Truth (memory), and Intent Truth (feature specs) with graceful degradation based on installed tools.
skill-scaffold
Emit repo-native seed files (SKILL.md skeleton, routing entry, test snippets) when creating new skills, commands, or plugins
security-scanner
Use when reviewing code changes for security issues — during REVIEW phase or on explicit security, vulnerability, SAST, or secret-scan requests — running available Semgrep/Opengrep, Trivy, and Gitleaks scanners with a self-healing fix loop
runtime-validation
Use when you need to prove a change actually works through its real interfaces — during REVIEW or on requests like validate the feature, does it work, run e2e, or smoke test — covering browser E2E, API smoke, CLI checks, and a11y audits with graceful tool-degradation
prototype-lab
Produce 3 thin comparable variants of a proposed design with a comparison artifact and mandatory Human Validation Plan
project-verification
Use when you need to run the repo's own declared test/lint/type gate locally and emit pass/fail evidence — during REVIEW, before requesting code review, or on a request to run the tests or verify the build — discovering the gate from CLAUDE.md, Makefile, pyproject, or .verify.yml
product-discovery
Use when starting a new feature or initiative and you need problem context, prior art, and acceptance criteria before design — the DISCOVER phase entry point — pulling Jira/Confluence context and synthesizing a discovery brief to validate problem framing
outcome-review
Use when reviewing a shipped feature's real-world outcome in the LEARN phase — checking adoption, error, or experiment metrics after release, validating ship-time hypotheses, or deciding follow-up work — querying PostHog and creating gated follow-up Jira work
openspec-ship
Use when shipping a completed feature and generating as-built OpenSpec docs before branch finalization
incident-trend-analyzer
On-demand postmortem trend analysis — recurrence grouping, trigger categorization, MTTR/MTTD from canonical docs/postmortems/ corpus
incident-analysis
Use when investigating production symptoms — connection failures, pod crashes/restarts, SIGTERM/OOM errors, latency spikes, Cloud SQL/proxy issues, deployment-correlated errors, ImagePullBackOff, CreateContainerConfigError, or node NotReady events
implementation-drift-check
Use when verifying an implementation still matches its spec or plan — during REVIEW or SHIP, or on demand to check drift, confirm you are still on plan, or run a spec check — surfacing spec deviations, unvalidated assumptions, and untested code paths against Intent Truth