Sitemap

Member-only story

Claude Code Skill that audits your Code for Compromised Dependencies

5 min readApr 2, 2026

Press enter or click to view image in full size

Supply chain attacks have been hitting hard in 2026. Axios, LiteLLM, Trivy names you trust, packages you install without thinking. And that’s exactly the problem.

I built Supply Chain Guard, an Agent Skill for Claude Code that audits your project’s dependencies against a real-time database of known compromised packages, malicious versions, and active attack campaigns. You install it once, run one command, and get a full security report.

It’s free, open-source, and available right now on aitmpl.com.

Why this matters right now

If you’re a developer in 2026, you’ve probably heard about the TeamPCP campaign. It’s the most consequential CI/CD supply chain attack documented to date. Here’s what happened:

Press enter or click to view image in full size
  • March 19: Trivy (a security scanner used by thousands of CI/CD pipelines) was backdoored. 75 GitHub Action tags poisoned.
  • March 20: The stolen CI/CD secrets were used to deploy CanisterWorm across 141+ npm packages.
  • March 24: LiteLLM, with 95 million monthly downloads, had versions 1.82.7 and 1.82.8…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Or, continue in mobile web
Already have an account? Sign in

Daniel Avila

Written by Daniel Avila

Building AI Tools with LLMs | X: @dani_avila7 | Youtube: @daniiielsan

Unknown user

Write a response