Stats
Actions
Tags
From attach-guard
Evaluates npm/pnpm package supply-chain risk scores, alerts, and version history using attach-guard. Useful for safety checks or investigating blocked installs.
How this skill is triggered — by the user, by Claude, or both
Slash command
/attach-guard:explainThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
When a user asks about the safety or risk profile of an npm/pnpm package, or when attach-guard has blocked or flagged an install, use this skill to provide detailed information.
When a user asks about the safety or risk profile of an npm/pnpm package, or when attach-guard has blocked or flagged an install, use this skill to provide detailed information.
Run the attach-guard evaluate command via the plugin wrapper:
"${CLAUDE_PLUGIN_ROOT}/hooks/bootstrap.sh" evaluate npm install $ARGUMENTS
If no package name was provided as an argument, ask the user which package they want to look up.
This returns JSON with:
allow, ask, or denyAfter running the command, explain the results to the user in plain language:
npx claudepluginhub attach-dev/attach-guard --plugin attach-guardAnalyzes installed package source code for supply chain risks by scanning for eval, network calls, env access, and obfuscation. Scores packages and reports issues with file:line context for JS, Python, Rust, Go ecosystems.
Evaluates packages, manages dependencies, and addresses supply chain security for npm/pip/cargo/bundler/Go. Use for auditing packages, reviewing lockfiles, checking vulnerabilities, comparing alternatives, assessing trustworthiness.
Evaluates dependency risk with 6-factor model from Trail of Bits. Flags risks for human review, not automated verdicts. Use before releases or after adding new deps.