Supply Chain Guard
npx claude-code-templates@latest --skill security/supply-chain-guard Content
Supply Chain Guard
Automated detection and remediation of software supply chain attacks across npm, PyPI, crates.io, GitHub Actions, and CI/CD pipelines. Built from real-world attack intelligence gathered through March 31, 2026.
When to Use This Skill
Use this skill when:
- The user asks to audit a project's dependencies for security issues
- Before deploying code to production
- When investigating a potential supply chain compromise
- When the user mentions a recent supply chain attack and wants to check their projects
- As a regular security check in development workflows
- When setting up CI/CD pipelines and wanting to harden them
- When a new supply chain attack is reported and the user wants to verify exposure
Instructions
Step 1: Understand the Project
Identify what the user's project uses:
- Node.js/npm: Look for
package.json,package-lock.json,yarn.lock,pnpm-lock.yaml - Python/PyPI: Look for
requirements.txt,Pipfile,pyproject.toml,poetry.lock - Rust/crates.io: Look for
Cargo.toml,Cargo.lock - CI/CD: Look for
.github/workflows/,Dockerfile,docker-compose.yml
Step 2: Run the Appropriate Scanners
The skill includes three specialized scanners plus a unified runner. All scripts are in the scripts/ directory.
Full audit (recommended):
bash /path/to/supply-chain-guard/scripts/scan-all.sh /path/to/projectIndividual scanners:
# npm/Node.js projects
bash /path/to/supply-chain-guard/scripts/scan-npm.sh /path/to/project
# Python/PyPI projects
bash /path/to/supply-chain-guard/scripts/scan-python.sh /path/to/project
# CI/CD pipeline audit
bash /path/to/supply-chain-guard/scripts/scan-ci.sh /path/to/projectEach scanner checks for:
- Known compromised packages — exact matches against the IOC database
- Malicious versions — specific version numbers known to contain malware
- Filesystem IOCs — persistence mechanisms left by attackers
- Network IOCs — C2 domains and IPs in source code
- CI/CD misconfigurations — unpinned actions, dangerous triggers, exposed secrets
- Credential exposure — npm tokens, PyPI credentials, .env files
Step 3: Interpret Results
Scanners exit with the number of issues found (0 = clean). Issues are categorized:
- [CRITICAL] — Known malicious package or active IOC detected. Immediate action required.
- [WARNING] — Security concern that needs investigation. May not be an active compromise.
Step 4: Remediate
Based on findings, guide the user through remediation:
If a compromised package is found:
- Remove or downgrade to a known safe version immediately
- Clear package caches:
npm cache clean --force/pip cache purge - Delete
node_modules/.venvand reinstall from lockfile - Rotate ALL credentials that were accessible from the environment
If filesystem IOCs are found:
- The system should be treated as fully compromised
- Identify and remove persistence mechanisms (systemd services, .pth files, cron jobs)
- Rotate every credential on the system
- Audit cloud provider logs (AWS CloudTrail, GCP Audit Logs, Azure Activity Log)
- Check for lateral movement in Kubernetes clusters
- Consider reimaging the machine
If CI/CD issues are found:
- Pin all GitHub Actions to full commit SHAs (not version tags)
- Add
--ignore-scriptsto npm install/ci commands - Add
--require-hashesto pip install commands - Remove or secure
pull_request_targettriggers - Apply least-privilege permissions to workflow tokens
- Audit pipeline execution logs for the attack window periods
Step 5: Harden the Project
After remediation, recommend these preventive measures:
- Lock everything: Exact version pins + lockfiles committed to repo
- Hash-verify: Use
npm ci(notnpm install),pip install --require-hashes - Disable scripts: Use
--ignore-scriptsby default, enable only for trusted packages - Pin actions: All GitHub Actions pinned to full SHA, never tags
- Scope tokens: CI/CD tokens should have minimal permissions
- Monitor: Set up automated dependency scanning (but verify the scanner itself is not compromised — see Trivy incident)
- Network controls: Block known C2 domains/IPs at firewall level
- Audit regularly: Run this scanner before every deployment
Reference Files
references/ioc-database.md— Full IOC database with all compromised packages, malicious versions, C2 infrastructure, filesystem indicators, and attack timelines. Read this file for detailed intelligence on specific attacks.
Current Threat Landscape (as of 2026-03-31)
Active Campaign: TeamPCP (CRITICAL)
The most significant active threat. TeamPCP is executing a cascading credential-chain campaign:
- Compromised Trivy (security scanner) → stole CI/CD secrets from thousands of pipelines
- Used stolen npm tokens to deploy CanisterWorm across 141+ npm packages
- Used stolen PyPI tokens to backdoor LiteLLM (95M monthly downloads) and Telnyx
- Uses blockchain (ICP) for C2, making takedown impossible
- Deploys WAV steganography for payload delivery
- Targets Kubernetes for lateral movement
- Has a destructive variant that wipes Iranian systems
Active: axios npm Hijack (2026-03-31)
- axios@1.14.1 and axios@0.30.4 contain RAT dropper via fake
plain-crypto-jsdependency - 300M+ weekly downloads makes this extremely high-impact
- Cross-platform RAT for macOS, Windows, and Linux
- Compromised maintainer account (jasonsaayman)
Recent: Malicious Rust Crates (2026-02/03)
- 5 crates impersonating time utilities on crates.io
- Steal .env files, AWS credentials, SSH keys
- First significant supply chain attack targeting Rust ecosystem
Historical but Relevant: Shai-Hulud Worm
- Self-replicating npm worm that compromised ~1000 packages
- Targets npm tokens for self-propagation
- Destructive fallback: wipes home directory if exfiltration fails
Updating the IOC Database
When new supply chain attacks are reported:
- Search for the latest advisories from Socket, Aikido, Endor Labs, Snyk, JFrog
- Update
references/ioc-database.mdwith new packages, versions, domains, IPs - Update the scanner scripts with new package entries in the MALICIOUS_* arrays
- Update the
ioc-db-datein the SKILL.md frontmatter