
supply-chain-risk-auditor

Identifies high-risk dependencies vulnerable to exploitation or takeover through systematic supply chain analysis.

SkillJury keeps community verdicts, source metadata, and external repository signals in separate lanes so ranking data never pretends to be a review.

SkillJury verdict: Pending (no approved reviews yet)

Would recommend: Pending (waiting on enough review volume)

Install signal: 2 (weekly or total install activity from catalog data)

0 review requests

Install command: npx skills add https://github.com/trailofbits/skills --skill supply-chain-risk-auditor
SkillJury does not have enough approved reviews to publish a community verdict yet. Source metadata and repository proof are still available above.
SkillJury Signal Summary

As of Apr 30, 2026, supply-chain-risk-auditor has 2 weekly installs and 0 community reviews on SkillJury. Community votes currently stand at 0 upvotes and 0 downvotes. Source: trailofbits/skills. Canonical URL: https://skills.sh/trailofbits/skills/supply-chain-risk-auditor.

Security audits

Gen Agent Trust Hub: PASS
Socket: PASS
Snyk: WARN
About this skill

Identifies high-risk dependencies vulnerable to exploitation or takeover through systematic supply chain analysis. Activates when the user says "audit this project's dependencies".

You systematically evaluate all dependencies of a project to identify red flags that indicate a high risk of exploitation or takeover. You generate a summary report noting these issues. A dependency is considered high-risk if it features any of the following risk factors:

Ensure that the gh tool is available before continuing. Ask the user to install it if it is not found.

You achieve your purpose by:

NOTE: Do not add sections beyond those noted in results-template.md.

- Evaluates all project dependencies against six risk criteria: single maintainers, unmaintained status, low popularity, high-risk features (FFI, deserialization), past CVEs, and missing security contacts
- Uses the gh CLI tool to query accurate GitHub metrics (stars, open issues, maintainer info) for each dependency
- Generates a structured markdown report with flagged high-risk dependencies, suggested alternatives, risk factor counts, and actionable recommendations
- Designed for pre-audit scoping and supply chain attack surface assessment, not active vulnerability scanning
- Assessing dependency risk before a security audit
- Evaluating supply chain attack surface of a project
- Identifying unmaintained or risky dependencies
- ...

Source description provided by the upstream listing. Community review signal and install context stay separate from this narrative layer.

Community reviews

Latest reviews

No community reviews yet.

FAQ
What does supply-chain-risk-auditor do?

Identifies high-risk dependencies vulnerable to exploitation or takeover through systematic supply chain analysis.

Is supply-chain-risk-auditor good?

supply-chain-risk-auditor does not have approved reviews yet, so SkillJury cannot publish a community verdict.

Which AI agents support supply-chain-risk-auditor?

supply-chain-risk-auditor currently lists compatibility with Skills CLI.

Is supply-chain-risk-auditor safe to install?

supply-chain-risk-auditor has been scanned by security audit providers tracked on SkillJury. Check the security audits section on this page for detailed results from Socket.dev and Snyk.

What are alternatives to supply-chain-risk-auditor?

Skills in the same category include grimoire-morpho-blue, conversation-memory, second-brain-ingest, zai-tts.

How do I install supply-chain-risk-auditor?

Run the following command to install supply-chain-risk-auditor: npx skills add https://github.com/trailofbits/skills --skill supply-chain-risk-auditor
