Supply Chain Guard
Software development skill, available on Zeplik
Supply Chain Guard is a ready-to-run software development skill on Zeplik. Detect and remediate supply-chain attacks in npm, PyPI, crates.io, GitHub Actions: compromised packages, IOCs, C2. Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
The Supply Chain Guard skill loads automatically when your request matches it, or you can invoke it directly by typing /supply-chain-guard in any chat. It works with attachments, connectors, and any model that supports the task, so you get the same expert method every time without setting anything up.
What the Supply Chain Guard skill can do
- Scan npm, PyPI, and crates.io dependencies for known compromised packages
- Detect filesystem and network IOCs left by supply-chain attackers
- Audit GitHub Actions and CI/CD pipelines for misconfigurations and exposed secrets
- Guide remediation and hardening steps after a compromise is found
Try these prompts on Zeplik
Pick a prompt to open it in the Zeplik app. If you are not signed in yet, your prompt is waiting for you the moment you do.
How the Supply Chain Guard skill works
Supply Chain Guard
Automated detection and remediation of software supply chain attacks across npm, PyPI, crates.io, GitHub Actions, and CI/CD pipelines. Built from real-world attack intelligence gathered through March 31, 2026.
When to Use This Skill
Use this skill when:
- The user asks to audit a project's dependencies for security issues
- Before deploying code to production
- When investigating a potential supply chain compromise
- When the user mentions a recent supply chain attack and wants to check their projects
- As a regular security check in development workflows
- When setting up CI/CD pipelines and wanting to harden them
- When a new supply chain attack is reported and the user wants to verify exposure
Instructions
Step 1: Understand the Project
Identify what the user's project uses:
- Node.js/npm: Look for
package.json,package-lock.json,yarn.lock,pnpm-lock.yaml - Python/PyPI: Look for
requirements.txt,Pipfile,pyproject.toml,poetry.lock - Rust/crates.io: Look for
Cargo.toml,Cargo.lock - CI/CD: Look for
.github/workflows/,Dockerfile,docker-compose.yml
Step 2: Run the Appropriate Scanners
The skill includes three specialized scanners plus a unified runner. All scripts are in the scripts/ directory.
Full audit (recommended):
bash /path/to/supply-chain-guard/scripts/scan-all.sh /path/to/project
Individual scanners:
# npm/Node.js projects
bash /path/to/supply-chain-guard/scripts/scan-npm.sh /path/to/project
# Python/PyPI projects
bash /path/to/supply-chain-guard/scripts/scan-python.sh /path/to/project
# CI/CD pipeline audit
bash /path/to/supply-chain-guard/scripts/scan-ci.sh /path/to/project
Each scanner checks for:
- Known compromised packages — exact matches against the IOC database
- Malicious versions — specific version numbers known to contain malware
- Filesystem IOCs — persistence mechanisms left by attackers
- Network IOCs — C2 domains and IPs in source code
- CI/CD misconfigurations — unpinned actions, dangerous triggers, exposed secrets
- Credential exposure — npm tokens, PyPI credentials, .env files
Step 3: Interpret Results
Scanners exit with the number of issues found (0 = clean). Issues are categorized:
- [CRITICAL] — Known malicious package or active IOC detected. Immediate action required.
- [WARNING] — Security concern that needs investigation. May not be an active compromise.
Step 4: Remediate
Based on findings, guide the user through remediation:
If a compromised package is found:
- Remove or downgrade to a known safe version immediately
- Clear package caches:
npm cache clean --force/pip cache purge - Delete
node_modules/.venvand reinstall from lockfile - Rotate ALL credentials that were accessible from the environment
If filesystem IOCs are found:
- The system should be treated as fully compromised
- Identify and remove persistence mechanisms (systemd services, .pth files, cron jobs)
- Rotate every credential on the system
- Audit cloud provider logs (AWS CloudTrail, GCP Audit Logs, Azure Activity Log)
- Check for lateral movement in Kubernetes clusters
- Consider reimaging the machine
If CI/CD issues are found:
- Pin all GitHub Actions to full commit SHAs (not version tags)
- Add
--ignore-scriptsto npm install/ci commands - Add
--require-hashesto pip install commands - Remove or secure
pull_request_targettriggers - Apply least-privilege permissions to workflow tokens
- Audit pipeline execution logs for the attack window periods
Step 5: Harden the Project
After remediation, recommend these preventive measures:
- Lock everything: Exact version pins + lockfiles committed to repo
- Hash-verify: Use
npm ci(notnpm install),pip install --require-hashes - Disable scripts: Use
--ignore-scriptsby default, enable only for trusted packages - Pin actions: All GitHub Actions pinned to full SHA, never tags
- Scope tokens: CI/CD tokens should have minimal permissions
- Monitor: Set up automated dependency scanning (but verify the scanner itself is not compromised — see Trivy incident)
- Network controls: Block known C2 domains/IPs at firewall level
- Audit regularly: Run this scanner before every deployment
Reference Files
references/ioc-database.md— Full IOC database with all compromised packages, malicious versions, C2 infrastructure, filesystem indicators, and attack timelines. Read this file for detailed intelligence on specific attacks.
Current Threat Landscape (as of 2026-03-31)
Active Campaign: TeamPCP (CRITICAL)
The most significant active threat. TeamPCP is executing a cascading credential-chain campaign:
- Compromised Trivy (security scanner) → stole CI/CD secrets from thousands of pipelines
- Used stolen npm tokens to deploy CanisterWorm across 141+ npm packages
- Used stolen PyPI tokens to backdoor LiteLLM (95M monthly downloads) and Telnyx
- Uses blockchain (ICP) for C2, making takedown impossible
- Deploys WAV steganography for payload delivery
- Targets Kubernetes for lateral movement
- Has a destructive variant that wipes Iranian systems
Active: axios npm Hijack (2026-03-31)
- [email protected] and [email protected] contain RAT dropper via fake
plain-crypto-jsdependency - 300M+ weekly downloads makes this extremely high-impact
- Cross-platform RAT for macOS, Windows, and Linux
- Compromised maintainer account (jasonsaayman)
Recent: Malicious Rust Crates (2026-02/03)
- 5 crates impersonating time utilities on crates.io
- Steal .env files, AWS credentials, SSH keys
- First significant supply chain attack targeting Rust ecosystem
Historical but Relevant: Shai-Hulud Worm
- Self-replicating npm worm that compromised ~1000 packages
- Targets npm tokens for self-propagation
- Destructive fallback: wipes home directory if exfiltration fails
Updating the IOC Database
When new supply chain attacks are reported:
- Search for the latest advisories from Socket, Aikido, Endor Labs, Snyk, JFrog
- Update
references/ioc-database.mdwith new packages, versions, domains, IPs - Update the scanner scripts with new package entries in the MALICIOUS_* arrays
- Update the
ioc-db-datein the SKILL.md frontmatter
How to use the Supply Chain Guard skill
Sign in to Zeplik
Create a free Zeplik account or sign in. New accounts start with free credits, so you can try the Supply Chain Guard skill right away.
Describe your software development task
Ask in plain language, or type /supply-chain-guard to invoke the skill directly. Zeplik recognizes the Supply Chain Guard skill and applies its method.
Review and refine the result
Zeplik returns a clear, structured answer. Ask follow-ups in the same chat to refine it or take the next step.
Source and credit
- Author
- davila7 (D7 Class-A standalone)
- License
- MIT
Adapted from the open-source davila7/claude-code-templates project and tuned to run natively on Zeplik. View source on GitHub.
Frequently asked questions
- What is the Supply Chain Guard skill?
- Supply Chain Guard is a ready-to-run software development skill on Zeplik. Detect and remediate supply-chain attacks in npm, PyPI, crates.io, GitHub Actions: compromised packages, IOCs, C2. Ask in plain language and Zeplik applies the skill's method for you inside the conversation, on whichever AI model you prefer.
- How do I use Supply Chain Guard on Zeplik?
- Sign in to Zeplik and ask in plain language, or type /supply-chain-guard in any chat to invoke it directly. The skill applies its method and returns a result you can refine in the same conversation.
- Which AI model does the Supply Chain Guard skill use?
- Any model you choose. Zeplik works across every model in one chat, so the Supply Chain Guard skill runs on your preferred model for the task.
- Where does the Supply Chain Guard skill come from?
- The Supply Chain Guard skill is adapted from the open-source davila7/claude-code-templates project (MIT) and tuned to run natively on Zeplik. The original source is linked on this page.
- How much does the Supply Chain Guard skill cost?
- Using the skill is free to start. You only spend Zeplik credits when the assistant runs, and new accounts begin with free credits.
Related software development skills
- .NET BackendBuild ASP.NET Core 8+ backends with EF Core: auth, background jobs, production API patterns
- Advanced Git WorkflowsUse for advanced Git surgery: interactive rebase, cherry-pick, bisect, reflog recovery, and history cleanup before merging. Not for parallel worktree workflows (use using-git-worktrees).
- Adversarial Code ReviewHunt for bugs in code the user shares by assuming defects exist and attacking the code through several distinct lenses, then report severity-ranked findings with evidence. Use for "review this", "what could go wrong", "bug hunt", or pre-merge scrutiny of a change. Read-only, it reports problems and does not rewrite the code. Not for style cleanup (use simplify-code) or for writing new code.
- AI Agent FrameworksUse when building multi-agent systems or agent orchestration -- LangChain/LangGraph, agent team design, task coordination, pipelines. Not for authoring a Zeplik skill (use skill-creator).
- Algolia SearchAdd Algolia search: indexing strategies, React InstantSearch, relevance tuning, search-as-you-type
- Android CI/CDAutomate Android CI/CD to Google Play: keystore, GitHub Secrets, multi-stage release workflow for RN, Flutter, native
More on Zeplik
Try Supply Chain Guard on Zeplik
Every model, one chat. Bring the Supply Chain Guard skill into your next conversation and let the assistant do the work.