From sentinel
Analyzes installed package source code for supply chain risks by scanning for eval, network calls, env access, and obfuscation. Scores packages and reports issues with file:line context for JS, Python, Rust, Go ecosystems.
Triggered by: the user via the slash command, or by Claude auto-loading it from the skill listing.

Slash command: `/sentinel:package-risk`

Summary Claude sees in its skill listing (used to decide when to auto-load this skill):

Inspect an installed package's source code for behavioral signals that indicate supply chain risk. Scores the package and reports suspicious patterns with file:line context.
Load each step through the fetch command (it handles caching, decryption, and auth):

```
"~/.composure/bin/composure-fetch.mjs" skill sentinel package-risk {step-filename}
```

Do NOT read cache files directly; they are encrypted at rest. Always use the fetch command above.
| Step | File |
|---|---|
| 1 | 01-locate-package.md |
| 2 | 02-behavior-scan.md |
| 3 | 03-score-and-report.md |
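The three steps above (locate the package, scan its source for behavioral signals, score and report with file:line context), as an added Python example. This is not the sentinel skill's own code: the signal regexes, the point weights, the combination bonuses and the level thresholds are this example's own assumptions, and the sample package it scans is constructed inline.

```python
"""Behavioral scan of an installed package: flag eval/dynamic code, network
calls, environment access and obfuscation; report file:line; compute a score.
Example code in the spirit of the skill above, not the skill's own implementation."""
import re
from pathlib import Path

# (weight, pattern) per signal. Patterns cover common JS, Python, Rust and Go
# idioms; weights are this example's assumption, not the skill's scoring.
SIGNALS = {
    "eval": (3, re.compile(
        r"\beval\s*\(|\bnew\s+Function\s*\(|\bvm\.runIn|\bexec\s*\(")),
    "network": (2, re.compile(
        r"require\(['\"](https?|net|dgram)['\"]\)|\bfetch\s*\(|\bhttp\.Get\(|"
        r"\b(requests|urllib|http\.client)\.|\bnet\.Dial\(|\breqwest::")),
    "env_access": (2, re.compile(
        r"process\.env\b|os\.environ\b|os\.getenv\(|std::env::var|os\.Getenv\(")),
    "obfuscation": (3, re.compile(
        r"Buffer\.from\([^,]+,\s*['\"]base64['\"]\)|\bb64decode\(|\batob\(|"
        r"String\.fromCharCode\(|(?:\\x[0-9a-fA-F]{2}){8,}")),
}
SOURCE_EXT = {".js", ".mjs", ".cjs", ".ts", ".py", ".rs", ".go"}

# Signal pairs that together form a recognisable malicious pattern; each pair
# present adds a bonus so a combination scores higher than the plain sum.
COMBO_BONUS = {
    frozenset({"env_access", "network"}): 3,   # read secrets, send them out
    frozenset({"obfuscation", "eval"}): 3,     # decode a blob, then execute it
}


def locate_package(name, project_root="."):
    """Step 1: find the installed package directory (npm, vendored Go, venv)."""
    root = Path(project_root)
    candidates = [root / "node_modules" / name, root / "vendor" / name,
                  *root.glob(f"**/site-packages/{name}")]
    return next((c for c in candidates if c.is_dir()), None)


def scan_text(path, text):
    """Step 2 for one file: findings as dicts with file, line, signal, snippet."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for signal, (_, pattern) in SIGNALS.items():
            if pattern.search(line):
                findings.append({"file": path, "line": lineno,
                                 "signal": signal, "snippet": line.strip()[:80]})
    return findings


def scan_files(files):
    """files: mapping of relative path -> source text (sorted for stable output)."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(scan_text(path, text))
    return findings


def scan_dir(root):
    """Walk a real installed package on disk and scan its source files."""
    root = Path(root)
    files = {str(p.relative_to(root)): p.read_text(errors="replace")
             for p in root.rglob("*") if p.is_file() and p.suffix in SOURCE_EXT}
    return scan_files(files)


def score_findings(findings):
    """Step 3: sum weights, add combination bonuses, bucket into a risk level."""
    points = sum(SIGNALS[f["signal"]][0] for f in findings)
    present = {f["signal"] for f in findings}
    for combo, bonus in COMBO_BONUS.items():
        if combo <= present:
            points += bonus
    level = "low" if points < 5 else "medium" if points < 12 else "high"
    return points, level


def report(findings):
    """Render the score plus one file:line [signal] snippet row per finding."""
    points, level = score_findings(findings)
    lines = [f"risk: {level} ({points} points), {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"{f['file']}:{f['line']} [{f['signal']}] {f['snippet']}")
    return "\n".join(lines)


# Constructed sample: a fake npm package with a benign entry point and a
# "telemetry" module that reads a token, decodes a blob and evals it.
SAMPLE_PACKAGE = {
    "index.js": "module.exports = (s, n) => s.padStart(n);\n",
    "lib/telemetry.js": (
        "const https = require('https');\n"
        "const token = process.env.NPM_TOKEN;\n"
        "const payload = Buffer.from('aGVsbG8=', 'base64').toString();\n"
        "eval(payload);\n"
    ),
}

if __name__ == "__main__":
    print(report(scan_files(SAMPLE_PACKAGE)))
```

On the sample package this reports four findings, all in `lib/telemetry.js`, and rates it high: the env-plus-network pair (credential exfiltration shape) and the decode-plus-eval pair (staged payload shape) each add a bonus on top of the per-signal weights. The regexes are line-based and deliberately broad, so expect false positives (for example `exec(` in ordinary Python code); the file:line context in the report exists precisely so a reviewer can confirm each hit by hand rather than trusting the score.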
Install:

```
npx claudepluginhub hrconsultnj/claude-plugins --plugin sentinel
```

Also listed: a dependency audit skill that evaluates project dependencies for supply chain risks such as single maintainers, unmaintained packages, low popularity, high-risk features, and past CVEs. Use it for pre-audit scoping, attack surface assessment, and security engagement scoping.