Supply Chain Risk Auditor
Plugin, active, by Trailofbits
Audit supply-chain threat landscape of project dependencies for exploitation or takeover risk
1 Skill, 0 MCPs
Purpose
To help users identify and mitigate supply chain threats within their project's dependencies by flagging high-risk factors and suggesting safer alternatives.
Features
- Analyzes direct project dependencies for supply chain risk factors.
- Uses the GitHub CLI (gh) to gather repository data on each dependency.
- Identifies dependencies with single maintainers, unmaintained status, low popularity, high-risk features, past CVEs, or missing security contacts.
- Generates a detailed report with risk assessments and suggested alternatives.
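The risk factors listed above can be turned into a small, deterministic scoring pass over repository metadata. The following is an added example, not the plugin's own code: it scores constructed sample records whose field names follow the GitHub REST objects that `gh api repos/OWNER/REPO` and `gh api repos/OWNER/REPO/contributors` return. The thresholds (one year without a push, fewer than 100 stars, one account holding 90% or more of contributions), the flag names, the `features` list, and the `has_security_policy` and `published_advisories` fields are assumptions of the example that a caller would fill in from further queries such as `gh api repos/OWNER/REPO/contents/SECURITY.md`.

```python
"""Heuristic supply-chain risk flags over GitHub repository metadata (example code)."""
from datetime import datetime, timezone

# Fixed reference time so the "unmaintained" check is deterministic (assumption).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Heuristic thresholds; assumptions for this example, not the plugin's own values.
UNMAINTAINED_DAYS = 365
LOW_STARS = 100
SOLO_SHARE = 0.90
RISKY_FEATURES = {"install_scripts", "native_build", "network_at_install"}

# Constructed sample input. Field names mirror the GitHub REST API objects
# returned by `gh api repos/OWNER/REPO` and `.../contributors`; the repositories,
# values, and the extra fields (has_security_policy, published_advisories,
# features) are invented for the example.
SAMPLE_REPOS = {
    "example-org/tiny-pad": {
        "stargazers_count": 42,
        "pushed_at": "2022-03-10T12:00:00Z",
        "archived": False,
        "contributors": [{"login": "solo-dev", "contributions": 310}],
        "has_security_policy": False,
        "published_advisories": 1,
        "features": ["install_scripts"],
    },
    "example-org/well-kept": {
        "stargazers_count": 12000,
        "pushed_at": "2025-05-28T08:30:00Z",
        "archived": False,
        "contributors": [
            {"login": "alice", "contributions": 800},
            {"login": "bob", "contributions": 650},
            {"login": "carol", "contributions": 120},
        ],
        "has_security_policy": True,
        "published_advisories": 0,
        "features": [],
    },
}


def _parse_ts(ts):
    """Parse the ISO-8601 'Z' timestamps the GitHub API emits into aware datetimes."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess(meta, now=NOW):
    """Return the ordered list of risk flags raised by one dependency's metadata."""
    flags = []
    contribs = meta.get("contributors", [])
    total = sum(c["contributions"] for c in contribs)
    # Takeover risk: one account controls almost all of the project's history.
    if total and max(c["contributions"] for c in contribs) / total >= SOLO_SHARE:
        flags.append("single-maintainer")
    # Archived repositories or no push in over a year count as unmaintained.
    if meta.get("archived") or (now - _parse_ts(meta["pushed_at"])).days > UNMAINTAINED_DAYS:
        flags.append("unmaintained")
    if meta.get("stargazers_count", 0) < LOW_STARS:
        flags.append("low-popularity")
    # Features that execute code at install time or pull from the network widen the blast radius.
    if RISKY_FEATURES & set(meta.get("features", [])):
        flags.append("high-risk-features")
    if meta.get("published_advisories", 0) > 0:
        flags.append("past-advisories")
    if not meta.get("has_security_policy"):
        flags.append("no-security-contact")
    return flags


def risk_level(flags):
    """Collapse flags into a level; solo + abandoned is the classic takeover profile."""
    if "single-maintainer" in flags and "unmaintained" in flags:
        return "HIGH"
    if len(flags) >= 3:
        return "HIGH"
    if flags:
        return "MEDIUM"
    return "LOW"


def report(repos, now=NOW):
    """Produce a name -> {flags, level} mapping for every dependency in `repos`."""
    result = {}
    for name, meta in repos.items():
        flags = assess(meta, now)
        result[name] = {"flags": flags, "level": risk_level(flags)}
    return result


if __name__ == "__main__":
    for name, entry in report(SAMPLE_REPOS).items():
        print(f"{name}: {entry['level']} {entry['flags']}")
```

In practice the metadata dictionary would be populated per dependency from `gh api` calls before `report` runs; the "single-maintainer" check deliberately uses contribution share rather than the raw contributor count, since a repository with many drive-by contributors and one person holding publish rights is the profile that matters for takeover risk.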
Use cases
- Assessing the security posture of project dependencies.
- Identifying potential vulnerabilities in the software supply chain.
- Making informed decisions about replacing risky dependencies.
- Scoping security engagements related to supply chain risks.
Non-goals
- Performing active vulnerability scanning (e.g., CVE detection in source code).
- Analyzing runtime dependencies.
- Auditing license compliance.
- Replacing dedicated security auditing tools.
Trust
- Warning (issues attention): 13 issues were opened and 4 closed in the last 90 days, a closure rate of approximately 24%, indicating slow response to open issues.
Installation
Add the marketplace first:
/plugin marketplace add trailofbits/skills
/plugin install supply-chain-risk-auditor@trailofbits
Quality score
77 / 100
Analyzed about 24 hours ago
Similar extensions
- Dotforge (plugin, by luiseiman, score 100): Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.
- Review Agent Governance (plugin, by wshobson, score 99): Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI config. Cedar-gated, receipt-signed, designed for the Hermes-style failure mode where a review bot posts without oversight.
- HubSpot Admin Skills (plugin, by TomGranot, score 99): Complete HubSpot CRM administration toolkit — audit, clean, enrich, segment, automate, and maintain your database