AgentSkillsCN

supply-chain-sentinel

Safeguards the software supply chain end to end by generating an SBoM and auditing the provenance of every dependency, monitoring in real time for malicious packages and potential maintenance risks.

SKILL.md
---
name: supply-chain-sentinel
description: Protects the software supply chain by generating SBoMs and auditing dependency provenance. Monitors for malicious packages and maintenance risks.
status: implemented
---

Supply Chain Sentinel

This skill inventories and audits the third-party code your software depends on, so that every dependency can be traced to a known origin and checked for risk.

Capabilities

1. SBoM Generation

  • Generates a Software Bill of Materials (SBoM) in CycloneDX or SPDX format.
  • Lists all direct and transitive dependencies with their content hashes and origin (the registry or repository each one was resolved from), so a consumer can verify what was actually built rather than what was requested.

2. Provenance & Risk Audit

  • Analyzes dependency maintenance health from repository and registry signals (e.g., commit frequency, time since last release, number of maintainers, open-issue backlog).
  • Flags potential "typosquatting" (names within a small edit distance of, or a homoglyph or prefix/suffix variant of, a widely used package) and other known malicious package patterns.
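To make the audit heuristics concrete, the following added example (written for this page, not supply-chain-sentinel's own code) runs an offline version of both checks over a constructed component list. The popular-package set and the per-package metadata (last release date, maintainer count, open issues, recent commits) are constructed stand-ins for what a real run would fetch from the package index and the project's repository API; the thresholds are assumptions chosen for illustration.

```python
"""Added example: offline provenance/risk audit heuristics.
Not supply-chain-sentinel's code. POPULAR, METADATA, SAMPLE_COMPONENTS and
the thresholds below are constructed assumptions for illustration."""
import re
from datetime import date

# Constructed: packages the organization relies on most (a curated list or
# the top-N by downloads would be used in practice).
POPULAR = {"requests", "urllib3", "numpy", "cryptography", "pyyaml"}

# Constructed registry/repository metadata keyed by normalized name.
METADATA = {
    "requests": {"last_release": date(2023, 5, 22), "maintainers": 4, "open_issues": 220, "commits_90d": 40},
    "numpy":    {"last_release": date(2024, 2, 5),  "maintainers": 20, "open_issues": 2000, "commits_90d": 300},
    "requsts":  {"last_release": date(2024, 3, 1),  "maintainers": 1, "open_issues": 0, "commits_90d": 0},
    "pyyam1":   {"last_release": date(2024, 4, 9),  "maintainers": 1, "open_issues": 0, "commits_90d": 2},
    "oldlib":   {"last_release": date(2019, 1, 10), "maintainers": 1, "open_issues": 35, "commits_90d": 0},
}

# Constructed SBOM-style component list to audit.
SAMPLE_COMPONENTS = [
    {"name": "requests", "version": "2.31.0"},
    {"name": "numpy", "version": "1.26.4"},
    {"name": "requsts", "version": "0.1"},      # one letter dropped
    {"name": "PyYAM1", "version": "6.0"},       # digit 1 for letter l
    {"name": "oldlib", "version": "1.2.3"},     # abandoned, no lookalike
]

STALE_DAYS = 730        # assumption: >2 years without a release
INACTIVE_DAYS = 180     # assumption: no commits in 90d and no release in 180d


def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()


def fold_homoglyphs(name: str) -> str:
    # Digits commonly swapped for look-alike letters in squatted names.
    return name.translate(str.maketrans("105", "los"))


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance (insert/delete/substitute/transpose)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]


def typosquat_candidates(name: str, popular=POPULAR, max_dist: int = 1) -> list:
    """Popular names this package looks like; empty if it *is* a popular name."""
    n = normalize(name)
    if n in popular:
        return []
    folded = fold_homoglyphs(n)
    hits = set()
    for p in popular:
        variants = {f"python-{p}", f"py-{p}", f"{p}-python", f"{p}-dev", f"{p}2", f"{p}3"}
        if folded == p or edit_distance(n, p) <= max_dist or n in variants:
            hits.add(p)
    return sorted(hits)


def audit(components: list, today: date, meta=METADATA, popular=POPULAR) -> list:
    """Return [{'name', 'flags'}] with one entry per component."""
    findings = []
    for c in components:
        n = normalize(c["name"])
        flags = []
        lookalikes = typosquat_candidates(n, popular)
        if lookalikes:
            flags.append("typosquat-candidate:" + ",".join(lookalikes))
        m = meta.get(n)
        if m is None:
            flags.append("no-metadata")   # cannot assess; treat as a finding
        else:
            age = (today - m["last_release"]).days
            if age > STALE_DAYS:
                flags.append(f"stale:{age}d")
            if m["maintainers"] <= 1:
                flags.append("single-maintainer")
            if m["commits_90d"] == 0 and age > INACTIVE_DAYS:
                flags.append("inactive")
            if m["commits_90d"] == 0 and m["open_issues"] > 0:
                flags.append("unanswered-backlog")
        findings.append({"name": n, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_COMPONENTS, date(2024, 6, 1)):
        print(f["name"], f["flags"] or "ok")
```

Every flag is a candidate for a human to triage, not a verdict: legitimate packages such as `python-dateutil` match the prefix pattern, and a single-maintainer project is a bus-factor risk rather than evidence of compromise. The value of running the checks together is that the combinations stand out, for example a near-name of a popular package that also has one maintainer and no history.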

Usage

  • "Generate an SBoM for our production release."
  • "Audit our supply chain for packages with poor maintenance or suspicious origins."

Knowledge Protocol

  • This skill adheres to knowledge/orchestration/knowledge-protocol.md. It automatically integrates the Public, Confidential (Company/Client), and Personal knowledge tiers, giving precedence to the most specific tier while ensuring that nothing from the Confidential or Personal tiers leaks into public outputs.