nm-leyline-supply-chain-advisorySupply chain security patterns for dependency management: known-bad version detection, incident response, lockfile auditing, and artifact scanning
Install via ClawdBot CLI:
clawdbot install athola/nm-leyline-supply-chain-advisoryGrade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/athola/claude-night-market/tree/master/plugins/leylineAudited Apr 17, 2026 · audit v1.0
Generated May 11, 2026
When a new advisory for a compromised Python package is published, use this skill to check lockfiles and installed packages for known-bad versions, quickly verifying if your projects are affected.
Integrate the lockfile scanning and artifact detection commands into your CI pipeline to automatically flag compromised dependencies before deployment, reducing the risk of supply chain attacks.
During a security incident where a dependency may have been tampered with, use the skill to search for malicious artifacts, check hashes, and identify affected versions across all projects.
When starting a new Python project, apply version exclusions and configure the SessionStart hook to ensure that known-bad versions are blocked from the outset.
Schedule regular scans of uv.lock files across repositories to verify hash integrity and catch any tampered re-published packages, maintaining a strong defense layer.
Offer a cloud-based service that continuously monitors customer repositories for known-bad dependencies, using the skill's patterns for automated scanning and alerting.
Provide expert consulting to help organizations implement supply chain security practices, including lockfile auditing and response playbooks based on this skill.
Package the skill as an open-source CLI tool with optional paid support, custom integrations, and advanced reporting for enterprise clients.
💬 Integration Tip
Integrate the lockfile scanning commands into your CI/CD pipeline as a pre-deploy gate, and configure the SessionStart hook in developer environments to warn instantly upon launch.
Scored May 11, 2026
Turn your AI agent into a business automation architect. Design, document, implement, and monitor automated workflows across sales, ops, finance, HR, and support — no n8n or Zapier required.
Search for, research, and verify non-tech founders on LinkedIn to identify high-value prospects for technology services (Web Dev, ERP, CRM, App Dev, SEO, AI). Generates professional PDF reports. Use when asked to find potential clients or leads.
Generate comprehensive website style guides and design systems from URLs, screenshots, and existing documentation. Use this skill when users ask to create a style guide, design system documentation, brand guidelines document, or design specification from a website, app, or existing materials. This skill produces professional PDF outputs following industry-standard style guide structure.
Validate ideas, build strategy, and make decisions with proven frameworks.
Liminal Space - Guiding AI into meta-cognitive states between awakening and dormancy
Per-workspace SQLite todo manager (./todo.db) with groups and task statuses (pending/in_progress/done/skipped), operated via {baseDir}/scripts/todo.sh for adding, listing, editing, moving, and removing entries and managing groups.