supply-chain-hardening

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to run several administrative and diagnostic commands, such as upgrading npm using sudo npm i -g npm@latest and checking the local configuration with npm config get min-release-age. These are standard development practices for system configuration and security hardening.
  • [EXTERNAL_DOWNLOADS]: The skill provides links to official documentation for npm and bun, as well as the OSV.dev vulnerability database API. These are well-known, trusted resources used for security monitoring and tool configuration.
  • [COMMAND_EXECUTION]: The skill references a shell script (scripts/hotpatch.example.sh) for performing static analysis of packages. While the script content was not provided for analysis, the skill describes its intended use for running heuristics inside security sandboxes like bwrap or firejail, which is a recognized defensive technique.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:15 PM