From spectra-assure
Use when scanning third-party packages, manifests, or lockfiles for malware, tampering, vulnerabilities, or policy violations via ReversingLabs Spectra Assure.
Slash command: `/spectra-assure:spectra-assure`
Spectra Assure is not Snyk / Dependabot. Its differentiator is **behavioral differential analysis of compiled artifacts** — it can detect *tampering* and *malicious insertions* between two versions of the same package, which signature-based SCA misses entirely. Use it that way.
| Tool | Purpose |
|---|---|
| `rl_protect_scan` | Scan packages by PURL (`pkg:pypi/[email protected]`, `pkg:npm/[email protected]`) |
| `rl_protect_scan_manifest` | Scan `requirements.txt`, `package.json`, `pyproject.toml`, `Gemfile`, `setup.cfg`, `*.gemspec` |
| `rl_protect_summarize` | Full risk details for flagged packages (secrets, vulns, tampering, malware) |
| `rl_protect_interpret` | Extract one slice: `vulnerabilities` \| `indicators` \| `malware` \| `overrides` \| `governance` \| `dependencies` \| `errors` |
| `rl_protect_diff_behavior` | Compare two versions of a package for behavioral regressions (the tampering detector) |
Profiles (the `profile=` argument): `minimal` · `baseline` · `hardened` (default) · path to a custom YAML policy.
Use hardened unless the user asks otherwise. minimal is only useful for triaging a failing CI check quickly.
Decision flow after a scan:
- REJECT → MUST fix. Pivot to summarize + interpret(malware|indicators).
- WARN → Triage. Assess by reachability and exploitability.
- PASS → Record. Still note any overrides used.

REJECT is not a configurable severity; it is Spectra Assure's policy engine saying "do not ship this". Treat it as a hard gate.
```python
rl_protect_scan_manifest(
    manifest_path="/project/requirements.txt",
    report_name="pr-4821-backend",
    profile="hardened",
    check_deps="release,transitive",
)
```
Read the compact summary. For every REJECT or high-risk WARN:
```python
rl_protect_summarize(report_id=...)
```
Then slice:
```python
rl_protect_interpret(report_id=..., task="malware", package="ultralytics")
rl_protect_interpret(report_id=..., task="indicators", package="ultralytics")
```
When a dependency jumps a minor or patch version unexpectedly, the maintainer changed, or the package appeared on a threat feed, do not just scan the new version. Diff it against the version you were already running:
```python
rl_protect_diff_behavior(
    package="ultralytics",
    old_version="8.3.40",
    new_version="8.3.41",
)
```
Look at added network endpoints, new shell/exec indicators, new filesystem writes, added dynamic loaders. These are the signals SCA misses.
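The reviewer-side reduction of such a diff to a verdict, as an added example that is not the spectra-assure skill's or ReversingLabs' own code. `rl_protect_diff_behavior` produces the real comparison; this block assumes its result can be flattened into per-category indicator sets (`{"network": {...}, "exec": {...}, "fs_write": {...}, "dyn_load": {...}}`), which is an assumption about shape, not the tool's format. The package name `examplepkg`, the versions and every indicator value are constructed.

```python
"""Reviewer-side logic for a behavioral diff between two package versions.

Added example, not the spectra-assure skill's or ReversingLabs' own code.
The {category: set(values)} shape below is an assumption, not the real
rl_protect_diff_behavior output format.
"""
from dataclasses import dataclass, field

# Categories whose *additions* between versions are the tampering signals to chase
# (added network endpoints, new shell/exec, new filesystem writes, new dynamic loaders).
TAMPER_CATEGORIES = ("network", "exec", "fs_write", "dyn_load")


@dataclass
class BehaviorDiff:
    added: dict = field(default_factory=dict)    # category -> sorted list of new indicators
    removed: dict = field(default_factory=dict)  # category -> sorted list of dropped indicators

    def is_suspicious(self) -> bool:
        # Any new indicator in a tamper-relevant category is enough to escalate;
        # removed behavior alone is not (it may be a legitimate cleanup).
        return any(self.added.get(cat) for cat in TAMPER_CATEGORIES)


def diff_behavior(old: dict, new: dict) -> BehaviorDiff:
    """Per-category set difference; a category missing on one side counts as empty."""
    diff = BehaviorDiff()
    for cat in sorted(set(old) | set(new)):
        before, after = set(old.get(cat, ())), set(new.get(cat, ()))
        if after - before:
            diff.added[cat] = sorted(after - before)
        if before - after:
            diff.removed[cat] = sorted(before - after)
    return diff


def defang(host: str) -> str:
    """Break the last dot of a hostname so report text is not clickable (api.x[.]y)."""
    head, dot, tail = host.rpartition(".")
    return f"{head}[.]{tail}" if dot else host


def render(package: str, old_version: str, new_version: str, diff: BehaviorDiff) -> list:
    """Report lines: verdict first, then every added/removed indicator by name."""
    verdict = "SUSPICIOUS" if diff.is_suspicious() else "no new tamper-relevant behavior"
    lines = [f"{package} {old_version} -> {new_version}: {verdict}"]
    for cat, values in diff.added.items():
        shown = [defang(v) if cat == "network" else v for v in values]
        lines.append(f"  + {cat}: {', '.join(shown)}")
    for cat, values in diff.removed.items():
        lines.append(f"  - {cat}: {', '.join(values)}")
    return lines


# Constructed indicator sets for a hypothetical package "examplepkg"; not real scan data.
OLD = {
    "network": {"pypi.org"},
    "exec": set(),
    "fs_write": {"~/.cache/examplepkg"},
    "dyn_load": set(),
}
NEW = {
    "network": {"pypi.org", "api.example.invalid"},    # new outbound endpoint
    "exec": {"subprocess:/bin/sh -c"},                 # new shell spawn
    "fs_write": {"~/.cache/examplepkg", "~/.bashrc"},  # new write outside the cache dir
    "dyn_load": {"ctypes.CDLL"},                       # new native loader
}

if __name__ == "__main__":
    print("\n".join(render("examplepkg", "1.4.0", "1.4.1", diff_behavior(OLD, NEW))))
```

The verdict keys only on additions: a patch release that drops behavior is not escalated, while a single new endpoint, shell spawn, write target or loader is. Network values are defanged in the rendered lines so the report can be pasted into a ticket safely.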
Spot-check individual packages by PURL:
```python
rl_protect_scan(
    purls="pkg:pypi/[email protected],pkg:npm/[email protected]",
    report_name="spot-check-2026-04-22",
)
```
When reporting findings to the user, structure as three tiers:
1. REJECT with malware/tampering indicators. Name the package, version, and the specific indicator (e.g., "added DNS exfiltration to api.anyrun[.]live"). No equivocation.
2. WARN for known CVEs with available patches or mitigations. Include CVE ID, CVSS, exploit maturity if present, and the fixed version.
3. PASS with any overrides applied, or WARN findings with no reachable path. State the rationale explicitly so it's auditable.

Never summarize by count alone ("3 rejects, 12 warns"). Leadership needs the name of the package and the nature of the finding.
Spectra Assure findings map to:
Cite these only when the user is operating in a compliance / attestation context.
Requires RL_TOKEN (prefix rlcmm- for Community, rls3c- for Enterprise). Enterprise also needs RL_PORTAL_SERVER and RL_PORTAL_ORG. If a scan fails with an auth error, say so plainly — don't retry with degraded profiles.
Don't:
- Run `rl_protect_scan` on a list of 200 PURLs as a substitute for manifest scanning; manifest scans resolve the dependency graph correctly.
- Call `rl_protect_summarize` before running `rl_protect_scan*`; it requires a `report_id` from a prior scan.
- Make a REJECT go away. If the user wants to accept a risk, use overrides and document the rationale.

Install:
```bash
npx claudepluginhub s3cr1z/capabilities --plugin spectra-assure
```