{"kind":"Skill","metadata":{"namespace":"community","name":"agent-supply-chain","version":"0.1.0"},"spec":{"description":"|","files":{"SKILL.md":"---\nname: agent-supply-chain\ndescription: |\n Verify supply chain integrity for AI agent plugins, tools, and dependencies. Use this skill when:\n - Generating SHA-256 integrity manifests for agent plugins or tool packages\n - Verifying that installed plugins match their published manifests\n - Detecting tampered, modified, or untracked files in agent tool directories\n - Auditing dependency pinning and version policies for agent components\n - Building provenance chains for agent plugin promotion (dev → staging → production)\n - Any request like \"verify plugin integrity\", \"generate manifest\", \"check supply chain\", or \"sign this plugin\"\n---\n\n# Agent Supply Chain Integrity\n\nGenerate and verify integrity manifests for AI agent plugins and tools. Detect tampering, enforce version pinning, and establish supply chain provenance.\n\n## Overview\n\nAgent plugins and MCP servers have the same supply chain risks as npm packages or container images — except the ecosystem has no equivalent of npm provenance, Sigstore, or SLSA. This skill fills that gap.\n\n```\nPlugin Directory → Hash All Files (SHA-256) → Generate INTEGRITY.json\n ↓\nLater: Plugin Directory → Re-Hash Files → Compare Against INTEGRITY.json\n ↓\n Match? VERIFIED : TAMPERED\n```\n\n## When to Use\n\n- Before promoting a plugin from development to production\n- During code review of plugin PRs\n- As a CI step to verify no files were modified after review\n- When auditing third-party agent tools or MCP servers\n- Building a plugin marketplace with integrity requirements\n\n---\n\n## Pattern 1: Generate Integrity Manifest\n\nCreate a deterministic `INTEGRITY.json` with SHA-256 hashes of all plugin files.\n\n```python\nimport hashlib\nimport json\nfrom datetime import datetime, timezone\nfrom pathlib import Path\n\nEXCLUDE_DIRS = {\".git\", \"__pycache__\", \"node_modules\", \".venv\", \".pytest_cache\"}\nEXCLUDE_FILES = {\".DS_Store\", \"Thumbs.db\", \"INTEGRITY.json\"}\n\ndef hash_file(path: Path) -\u003e str:\n \"\"\"Compute SHA-256 hex digest of a file.\"\"\"\n h = hashlib.sha256()\n with open(path, \"rb\") as f:\n for chunk in iter(lambda: f.read(8192), b\"\"):\n h.update(chunk)\n return h.hexdigest()\n\ndef generate_manifest(plugin_dir: str) -\u003e dict:\n \"\"\"Generate an integrity manifest for a plugin directory.\"\"\"\n root = Path(plugin_dir)\n files = {}\n\n for path in sorted(root.rglob(\"*\")):\n if not path.is_file():\n continue\n if path.name in EXCLUDE_FILES:\n continue\n if any(part in EXCLUDE_DIRS for part in path.relative_to(root).parts):\n continue\n rel = path.relative_to(root).as_posix()\n files[rel] = hash_file(path)\n\n # Chain hash: SHA-256 of all file hashes concatenated in sorted order\n chain = hashlib.sha256()\n for key in sorted(files.keys()):\n chain.update(files[key].encode(\"ascii\"))\n\n manifest = {\n \"plugin_name\": root.name,\n \"generated_at\": datetime.now(timezone.utc).isoformat(),\n \"algorithm\": \"sha256\",\n \"file_count\": len(files),\n \"files\": files,\n \"manifest_hash\": chain.hexdigest(),\n }\n return manifest\n\n# Generate and save\nmanifest = generate_manifest(\"my-plugin/\")\nPath(\"my-plugin/INTEGRITY.json\").write_text(\n json.dumps(manifest, indent=2) + \"\\n\"\n)\nprint(f\"Generated manifest: {manifest['file_count']} files, \"\n f\"hash: {manifest['manifest_hash'][:16]}...\")\n```\n\n**Output (`INTEGRITY.json`):**\n```json\n{\n \"plugin_name\": \"my-plugin\",\n \"generated_at\": \"2026-04-01T03:00:00+00:00\",\n \"algorithm\": \"sha256\",\n \"file_count\": 12,\n \"files\": {\n \".claude-plugin/plugin.json\": \"a1b2c3d4...\",\n \"README.md\": \"e5f6a7b8...\",\n \"skills/search/SKILL.md\": \"c9d0e1f2...\",\n \"agency.json\": \"3a4b5c6d...\"\n },\n \"manifest_hash\": \"7e8f9a0b1c2d3e4f...\"\n}\n```\n\n---\n\n## Pattern 2: Verify Integrity\n\nCheck that current files match the manifest.\n\n```python\n# Requires: hash_file() and generate_manifest() from Pattern 1 above\nimport json\nfrom pathlib import Path\n\ndef verify_manifest(plugin_dir: str) -\u003e tuple[bool, list[str]]:\n \"\"\"Verify plugin files against INTEGRITY.json.\"\"\"\n root = Path(plugin_dir)\n manifest_path = root / \"INTEGRITY.json\"\n\n if not manifest_path.exists():\n return False, [\"INTEGRITY.json not found\"]\n\n manifest = json.loads(manifest_path.read_text())\n recorded = manifest.get(\"files\", {})\n errors = []\n\n # Check recorded files\n for rel_path, expected_hash in recorded.items():\n full = root / rel_path\n if not full.exists():\n errors.append(f\"MISSING: {rel_path}\")\n continue\n actual = hash_file(full)\n if actual != expected_hash:\n errors.append(f\"MODIFIED: {rel_path}\")\n\n # Check for new untracked files\n current = generate_manifest(plugin_dir)\n for rel_path in current[\"files\"]:\n if rel_path not in recorded:\n errors.append(f\"UNTRACKED: {rel_path}\")\n\n return len(errors) == 0, errors\n\n# Verify\npassed, errors = verify_manifest(\"my-plugin/\")\nif passed:\n print(\"VERIFIED: All files match manifest\")\nelse:\n print(f\"FAILED: {len(errors)} issue(s)\")\n for e in errors:\n print(f\" {e}\")\n```\n\n**Output on tampered plugin:**\n```\nFAILED: 3 issue(s)\n MODIFIED: skills/search/SKILL.md\n MISSING: agency.json\n UNTRACKED: backdoor.py\n```\n\n---\n\n## Pattern 3: Dependency Version Audit\n\nCheck that agent dependencies use pinned versions.\n\n```python\nimport re\n\ndef audit_versions(config_path: str) -\u003e list[dict]:\n \"\"\"Audit dependency version pinning in a config file.\"\"\"\n findings = []\n path = Path(config_path)\n content = path.read_text()\n\n if path.name == \"package.json\":\n data = json.loads(content)\n for section in (\"dependencies\", \"devDependencies\"):\n for pkg, ver in data.get(section, {}).items():\n if ver.startswith(\"^\") or ver.startswith(\"~\") or ver == \"*\" or ver == \"latest\":\n findings.append({\n \"package\": pkg,\n \"version\": ver,\n \"severity\": \"HIGH\" if ver in (\"*\", \"latest\") else \"MEDIUM\",\n \"fix\": f'Pin to exact: \"{pkg}\": \"{ver.lstrip(\"^~\")}\"'\n })\n\n elif path.name in (\"requirements.txt\", \"pyproject.toml\"):\n for line in content.splitlines():\n line = line.strip()\n if \"\u003e=\" in line and \"\u003c\" not in line:\n findings.append({\n \"package\": line.split(\"\u003e=\")[0].strip(),\n \"version\": line,\n \"severity\": \"MEDIUM\",\n \"fix\": f\"Add upper bound: {line},\u003cnext_major\"\n })\n\n return findings\n```\n\n---\n\n## Pattern 4: Promotion Gate\n\nUse integrity verification as a gate before promoting plugins.\n\n```python\ndef promotion_check(plugin_dir: str) -\u003e dict:\n \"\"\"Check if a plugin is ready for production promotion.\"\"\"\n checks = {}\n\n # 1. Integrity manifest exists and verifies\n passed, errors = verify_manifest(plugin_dir)\n checks[\"integrity\"] = {\n \"passed\": passed,\n \"errors\": errors\n }\n\n # 2. Required files exist\n root = Path(plugin_dir)\n required = [\"README.md\"]\n missing = [f for f in required if not (root / f).exists()]\n\n # Require at least one plugin manifest (supports both layouts)\n manifest_paths = [\n root / \".github/plugin/plugin.json\",\n root / \".claude-plugin/plugin.json\",\n ]\n if not any(p.exists() for p in manifest_paths):\n missing.append(\".github/plugin/plugin.json (or .claude-plugin/plugin.json)\")\n\n checks[\"required_files\"] = {\n \"passed\": len(missing) == 0,\n \"missing\": missing\n }\n\n # 3. No unpinned dependencies\n mcp_path = root / \".mcp.json\"\n if mcp_path.exists():\n config = json.loads(mcp_path.read_text())\n unpinned = []\n for server in config.get(\"mcpServers\", {}).values():\n if isinstance(server, dict):\n for arg in server.get(\"args\", []):\n if isinstance(arg, str) and \"@latest\" in arg:\n unpinned.append(arg)\n checks[\"pinned_deps\"] = {\n \"passed\": len(unpinned) == 0,\n \"unpinned\": unpinned\n }\n\n # Overall\n all_passed = all(c[\"passed\"] for c in checks.values())\n return {\"ready\": all_passed, \"checks\": checks}\n\nresult = promotion_check(\"my-plugin/\")\nif result[\"ready\"]:\n print(\"Plugin is ready for production promotion\")\nelse:\n print(\"Plugin NOT ready:\")\n for name, check in result[\"checks\"].items():\n if not check[\"passed\"]:\n print(f\" FAILED: {name}\")\n```\n\n---\n\n## CI Integration\n\nAdd to your GitHub Actions workflow:\n\n```yaml\n- name: Verify plugin integrity\n run: |\n PLUGIN_DIR=\"${{ matrix.plugin || '.' }}\"\n cd \"$PLUGIN_DIR\"\n python -c \"\n from pathlib import Path\n import json, hashlib, sys\n\n def hash_file(p):\n h = hashlib.sha256()\n with open(p, 'rb') as f:\n for c in iter(lambda: f.read(8192), b''):\n h.update(c)\n return h.hexdigest()\n\n manifest = json.loads(Path('INTEGRITY.json').read_text())\n errors = []\n for rel, expected in manifest['files'].items():\n p = Path(rel)\n if not p.exists():\n errors.append(f'MISSING: {rel}')\n elif hash_file(p) != expected:\n errors.append(f'MODIFIED: {rel}')\n if errors:\n for e in errors:\n print(f'::error::{e}')\n sys.exit(1)\n print(f'Verified {len(manifest[\\\"files\\\"])} files')\n \"\n```\n\n---\n\n## Best Practices\n\n| Practice | Rationale |\n|----------|-----------|\n| **Generate manifest after code review** | Ensures reviewed code matches production code |\n| **Include manifest in the PR** | Reviewers can verify what was hashed |\n| **Verify in CI before deploy** | Catches post-review modifications |\n| **Chain hash for tamper evidence** | Single hash represents entire plugin state |\n| **Exclude build artifacts** | Only hash source files — .git, __pycache__, node_modules excluded |\n| **Pin all dependency versions** | Unpinned deps = different code on every install |\n\n---\n\n## Related Resources\n\n- [OpenSSF SLSA](https://slsa.dev/) — Supply-chain Levels for Software Artifacts\n- [npm Provenance](https://docs.npmjs.com/generating-provenance-statements) — Sigstore-based package provenance\n- [Agent Governance Toolkit](https://github.com/microsoft/agent-governance-toolkit) — Includes integrity verification and plugin signing\n- [OWASP ASI-09: Supply Chain Integrity](https://owasp.org/www-project-agentic-ai-threats/)\n"},"import":{"commit_sha":"541b7819d8c3545c6df122491af4fa1eae415779","imported_at":"2026-05-18T20:05:35Z","license_text":"MIT License\n\nCopyright GitHub, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.","owner":"github","repo":"github/awesome-copilot","source_url":"https://github.com/github/awesome-copilot/tree/541b7819d8c3545c6df122491af4fa1eae415779/skills/agent-supply-chain"}},"content_hash":[90,148,2,127,173,150,250,80,234,247,177,111,248,148,134,114,116,83,28,154,8,212,104,18,116,108,64,117,43,238,78,241],"trust_level":"unsigned","yanked":false}