ai-supply-chain-security
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its security-scanner purpose, but it may inspect global package-manager configs containing registry tokens without clearly documenting redaction or report handling.
This appears to be a real security scanner rather than obviously malicious code, but treat it as a tool that can read sensitive project and package-manager configuration. Run it on selected directories, review generated reports before sharing, and avoid enabling webhook/email notifications unless you have confirmed secret redaction.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A scan could read credential-adjacent package-manager configuration, and careless report sharing could expose sensitive registry configuration or tokens if values are included.
This documents scanning account/package-manager configuration that may contain registry tokens or credential-related settings, including global configs. The artifacts do not clearly state whether sensitive values are redacted from reports or notifications.
`.npmrc`: ... Hardcoded `_authToken` values (CRITICAL) ... `always-auth=true` credential exposure ... `pip.conf / pip.ini`: ... Scans both project-level and global system config
Run it only on intended projects, inspect generated reports before sharing, avoid enabling webhooks until redaction is confirmed, and prefer a least-privilege environment for scans.
Installing/running the skill executes local scanner code on your machine.
The Node wrapper executes local Python commands to run the scanner. This is central to the CLI purpose and uses argument arrays rather than a shell pipeline.
const result = require('child_process').spawnSync(cmd, ['--version']); ... const child = spawn(pythonCmd, pythonArgs, { stdio: 'inherit', cwd: scriptDir });
Run it from a trusted copy of the skill and pass explicit scan and output paths.
Dependency resolution can change over time, which matters for a security scanner that users may trust with private projects.
The Python dependencies are specified with lower-bound version ranges, so a fresh install may resolve to newer package versions not pinned by the artifact.
pyyaml>=6.0 colorama>=0.4.6 watchdog>=3.0.0
Review or pin dependencies in your environment if you use this in CI or on sensitive repositories.
If enabled, security findings may be sent outside the local machine or repository.
The configuration supports sending notifications to external webhook services, but the feature is disabled by default and uses an environment-provided URL.
webhook:
  enabled: false
  url_env: SECURITY_WEBHOOK_URL
  type: slack # slack | discord | dingtalk | custom
Enable webhooks only with a trusted endpoint and after confirming reports do not include secrets.
Watch mode can continue reading changed project files while the process is running.
The skill supports continuous monitoring when explicitly invoked with watch mode. The artifacts present it as a user-directed mode, not hidden persistence.
python ai-scanner.py --watch # Watch mode
Use watch mode only in directories you intend to monitor and stop the process when scanning is complete.
