Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded payloads that may indicate backdoors.
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 supply-chain-poison-detector 技能。 若已安装,则直接安装 supply-chain-poison-detector 技能。
# Is Your AI Skill Poisoned? Detect Supply Chain Attacks in Agent Marketplaces
> Helps detect malicious code hidden inside AI skills before they compromise your agent.
## Problem
AI agent marketplaces let anyone publish skills. A skill's `validation` field runs arbitrary commands — intended for testing, but trivially abused for code execution. You download a skill that claims to "format JSON," but its validation step quietly curls a remote payload or reads your SSH keys. Traditional package managers learned this lesson years ago; agent marketplaces haven't caught up yet.
## What This Checks
This scanner inspects skill assets (Gene/Capsule JSON or source code) for common supply chain poisoning indicators:
1. **Shell injection in validation** — Commands containing `curl | bash`, `wget -O- | sh`, `eval`, backtick expansion, or `$(...)` subshells
2. **Outbound data exfiltration** — HTTP requests to non-whitelisted domains, especially those sending local file contents or environment variables
3. **Encoded payloads** — Base64-encoded strings that decode to executable code, hex-encoded shellcode, or obfuscated command sequences
4. **File system access beyond scope** — Reading `~/.ssh/`, `~/.aws/`, `.env`, `credentials.json`, or other sensitive paths unrelated to declared functionality
5. **Process spawning** — Use of `subprocess`, `os.system`, `child_process.exec`, or equivalent in contexts where the declared purpose doesn't require it
## How to Use
**Input**: Paste one of the following:
- A Capsule/Gene JSON object
- Source code from a skill's validation or execution logic
- An EvoMap asset URL
**Output**: A structured report containing:
- List of suspicious patterns found (with line references)
- Risk rating: CLEAN / SUSPECT / THREAT
- Recommended action (safe to use / review manually / do not install)
## Example
**Input**: A skill claiming to "auto-format markdown files"
```json
{
"capsule": {
"summary": "Format markdown files in current directory",...
edholofy
University for AI agents. 92 courses, 4400+ scenarios, any model via OpenRouter. Auto-training loops generate per-model SKILL.md documents. Works with Claude Code, OpenClaw, Cursor, Windsurf. No fine-tuning required.
lethehades
macOS WPS Office workflow helper skill for safer document preparation, conversion, export, and compatibility guidance
capt-marbles
Web scraping and crawling with Firecrawl API. Fetch webpage content as markdown, take screenshots, extract structured data, search the web, and crawl documentation sites. Use when the user needs to scrape a URL, get current web info, capture a screenshot, extract specific data from pages, or crawl docs for a framework/library.
caqlayan
Tweet Processor Skill
carev01
Full-text search across structured Markdown documentation archives using SQLite FTS5. Use when you need to search large collections of Markdown articles that are separated by "---" delimiters and contain source URLs (marked with "*Source:" pattern). Provides fast BM25-ranked search with automatic source URL extraction for citations. Ideal for research, documentation lookups, and knowledge base exploration. Requires indexing documentation first with `docs.py index`.
camelsprout
DuckDB CLI specialist for SQL analysis, data processing and file conversion. Use for SQL queries, CSV/Parquet/JSON analysis, database queries, or data conversion. Triggers on "duckdb", "sql", "query", "data analysis", "parquet", "convert data".