supply-chain-risk-auditor
About
This skill audits project dependencies to identify high-risk packages prone to exploitation or takeover, such as those that are unmaintained or have suspicious signals. It's used for assessing supply chain attack surfaces, evaluating dependency health, and scoping security engagements. The skill performs a systematic review and generates a summary report, but is not for active vulnerability scanning.
Quick Install
Claude Code
Recommended: npx skills add trailofbits/skills -a claude-code
As a Claude Code plugin: /plugin add https://github.com/trailofbits/skills
Manual clone: git clone https://github.com/trailofbits/skills.git ~/.claude/skills/supply-chain-risk-auditor
Frequently asked questions
What is the supply-chain-risk-auditor skill?
supply-chain-risk-auditor is a Claude Skill by trailofbits. Skills package instructions and resources that Claude loads on demand, so Claude can perform supply-chain-risk-auditor-related tasks without extra prompting.
How do I install supply-chain-risk-auditor?
Use the install commands on this page: add supply-chain-risk-auditor to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does supply-chain-risk-auditor belong to?
supply-chain-risk-auditor is in the Other category, tagged ai.
Is supply-chain-risk-auditor free to use?
Yes. supply-chain-risk-auditor is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
