Supply Chain Audit Skill

Scanner forense completo per rilevare compromissioni da attacchi supply-chain npm/PyPI.

Campagne coperte

Campagna	Data	Vettori principali
Shai-Hulud SAP/BUN wave	2026-04-29	mbt, @cap-js/*, SessionStart hook injection
Mini Shai-Hulud TanStack wave	2026-05-11	@tanstack/*, mistralai, guardrails-ai, lightning
Varianti in corso	continuo	@opensearch-project, @squawk/, @uipath/

Utilizzo

/supply-chain-audit              # scan macchina corrente
/supply-chain-audit --quick      # scan rapido (salta scan git e IOC string)
/supply-chain-audit remediate    # guida remediation interattiva

Installs

Repository

matteocervelli/llms

GitHub Stars

First Seen

May 25, 2026