Stats
Actions
Tags
Detects PyPI supply chain attacks including typosquatting via Levenshtein distance, dependency confusion for private registries, pip SHA-256 hash verification, and pip-audit CVE scanning. Outputs JSON risk reports.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:performing-supply-chain-attack-simulationThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
软件供应链攻击通过以下方式利用对包注册表的信任:域名抢注(注册与流行包相似的名称)、依赖混淆(发布与私有名称匹配的高版本公共包),以及被入侵的包分发。本技能通过以下方式检测这些攻击向量:计算包名与流行 PyPI 包之间的 Levenshtein 距离、通过 SHA-256 哈希比较验证包完整性、使用 pip-audit 扫描已知 CVE,以及测试依赖解析顺序的混淆漏洞。
软件供应链攻击通过以下方式利用对包注册表的信任:域名抢注(注册与流行包相似的名称)、依赖混淆(发布与私有名称匹配的高版本公共包),以及被入侵的包分发。本技能通过以下方式检测这些攻击向量:计算包名与流行 PyPI 包之间的 Levenshtein 距离、通过 SHA-256 哈希比较验证包完整性、使用 pip-audit 扫描已知 CVE,以及测试依赖解析顺序的混淆漏洞。
pip-audit、Levenshtein、requestsJSON 报告,包含每个包的风险评分、检测到的攻击向量、哈希验证结果和 CVE 发现。
npx claudepluginhub killvxk/cybersecurity-skills-zhSimulates and detects Python supply chain attacks: typosquatting via Levenshtein distance, dependency confusion, pip hash verification, and pip-audit vulnerability scanning. For security audits.
Simulates and detects PyPI supply chain attacks including typosquatting via Levenshtein distance, dependency confusion against private registries, pip package hash verification, and pip-audit vulnerability scanning.
Simulates and detects software supply chain attacks: typosquatting via Levenshtein distance, dependency confusion, package hash verification, and CVE scanning with pip-audit. For security assessments.