supply-chain-trust
Provides a decision aid for ensuring supply-chain trust in software delivery, focusing on reproducible builds and dependency management.
Security score: 68/100
The supply-chain-trust skill was audited on Jun 8, 2026 and we found 4 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.
Security Issues
1. High severity, SKILL.md line 238: Access to system keychain/keyring
   Source line: - Verify Debian `Release` file with explicit archive signing keys (`/usr/share/keyrings/debian-archive-keyring.gpg`)

2. High severity, SKILL.md line 281: Access to system keychain/keyring
   Source line (table row): | Base OS packages | snapshot.debian.org | Debian archive key | embedded in keyring |

3. Low severity, SKILL.md line 106: External URL reference
   Source line: - **Pin to `snapshot.debian.org`** URLs with a specific timestamp (`http://snapshot.debian.org/archive/debian/20260301T000000Z/`) — content-addressed, immutable

4. Low severity, SKILL.md line 184: External URL reference
   Source line: --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
Scanned on Jun 8, 2026
GitHub Stars: 144
Category: development
Updated: June 15, 2026
Tags: claude-code, cursor, windsurf, cline, roo-code, amp, codex, goose, trae, opencode, aider, openclaw, manus, devops, backend, api, cross-platform, devops-sre, backend-developer, security-engineer, product-manager, technical-pm, development, product
GitHub repository: jmagly/aiwg