Files
Anthropic-Cybersecurity-Skills/skills/hunting-for-supply-chain-compromise/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

1.9 KiB

API Reference: Hunting for Supply Chain Compromise

NPM Lock File Analysis

import json
data = json.load(open("package-lock.json"))
packages = data.get("packages", {})
for name, info in packages.items():
    resolved = info.get("resolved", "")
    has_script = info.get("hasInstallScript", False)

pip-audit

pip-audit --format=json --output=audit.json
pip-audit --require=requirements.txt --desc
# Programmatic usage
from pip_audit._cli import audit
# Or parse JSON output
import subprocess, json
result = subprocess.run(["pip-audit", "--format=json"], capture_output=True, text=True)
vulns = json.loads(result.stdout)

Hash Verification

import hashlib
sha = hashlib.sha256()
with open("binary.exe", "rb") as f:
    for chunk in iter(lambda: f.read(8192), b""):
        sha.update(chunk)
print(sha.hexdigest())

Dependency Confusion Checks

Registry Check Command Risk
npm npm view <pkg> name Package exists publicly
PyPI pip index versions <pkg> Package exists publicly
Maven mvn dependency:resolve Artifact on Maven Central

Splunk SPL - Build Anomaly Detection

index=cicd sourcetype=build_logs
| where match(_raw, "(?i)(curl.*\|.*sh|wget.*chmod|--registry\s+http)")
| table _time build_id job_name _raw

Supply Chain Indicators

Indicator Severity Category
Known compromised package CRITICAL Package takeover
Non-standard registry URL HIGH Dependency confusion
Install scripts in deps MEDIUM Post-install hooks
Git URL dependencies MEDIUM Unpinned source
Pipe to shell in CI CRITICAL Remote code execution

References