Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

aigate-scan

Scan a lockfile or requirements file for supply chain attacks. Use when: reviewing requirements.txt, package-lock.json, Cargo.lock, Gemfile.lock, composer.lock, pubspec.lock, go.sum, yarn.lock, pnpm-lock.yaml. Also use when auditing project dependencies or onboarding to a new codebase. ALWAYS run this when you see a lockfile or dependency manifest.

In Manus ausführen

Überblick

Installationsbefehl

npx skills add https://github.com/ImL1s/aigate --skill aigate-scan

Kopieren Sie diesen Befehl und fügen Sie ihn in Claude Code ein, um den Skill zu installieren

Quelle

ImL1s/aigate

Sterne2

Forks1

Aktualisiert29. März 2026 um 06:28

SKILL.md

readonly

name	aigate-scan
description	Scan a lockfile or requirements file for supply chain attacks. Use when: reviewing requirements.txt, package-lock.json, Cargo.lock, Gemfile.lock, composer.lock, pubspec.lock, go.sum, yarn.lock, pnpm-lock.yaml. Also use when auditing project dependencies or onboarding to a new codebase. ALWAYS run this when you see a lockfile or dependency manifest.

When to trigger

You MUST run aigate scan when you encounter or are asked to review:

requirements.txt, requirements/*.txt, Pipfile.lock, poetry.lock
package-lock.json, yarn.lock, pnpm-lock.yaml
Cargo.lock
Gemfile.lock
composer.lock
pubspec.lock
go.sum
Any dependency manifest or lockfile

Also trigger when:

Onboarding to a new project / cloning a repo
Reviewing a PR that modifies dependency files
A user asks "are my dependencies safe?"

How to use

aigate scan <lockfile>

Examples

# Python
aigate scan requirements.txt
aigate scan poetry.lock

# Node.js
aigate scan package-lock.json
aigate scan yarn.lock

# Rust
aigate scan Cargo.lock

# Multiple files
aigate scan requirements.txt && aigate scan package-lock.json

Interpret exit codes

Exit 0 = All dependencies are SAFE.
Exit 1 = Some dependencies are SUSPICIOUS. Show the flagged packages.
Exit 2 = MALICIOUS dependencies found. Alert the user immediately. List all flagged packages and recommend removal.
Exit 3 = ERROR. Could not complete the scan.

If aigate is not installed

pip install aigate
# or
uv pip install aigate

Then re-run the scan.

Important

For large lockfiles, the scan may take a minute. This is normal.
Report all flagged packages, not just the first one.
Suggest aigate check <package> -e <ecosystem> for deeper analysis of any suspicious package.

Mehr aus diesem Repository

gleiches Repository

add-backend

ImL1s/aigate

Scaffold a new AI backend that implements AIBackend.analyze() — add file under src/aigate/backends/, register in BACKEND_MAP, wire unit tests. Use when adding support for a new AI model / provider.

2026-04-212

e2e

ImL1s/aigate

Run only the E2E test suite (no full 705-test unit battery). Two modes — Docker-sandboxed (scripts/run-e2e.sh) or direct pytest (tests/e2e/).

2026-04-212

release

ImL1s/aigate

Cut a new PyPI release — bump version in pyproject.toml, run scripts/publish.sh, tag, and hand off the final `uv publish` step to the user.

2026-04-212

aigate-check

ImL1s/aigate

Check any package for supply chain attacks before installing. Use when: pip install, npm install, yarn add, pnpm add, cargo add, gem install, composer require, flutter pub add, go get, dotnet add package. Also use when someone suggests installing a package or dependency. ALWAYS run this before installing anything — no exceptions.

2026-03-292

check-package

ImL1s/aigate

Analyze a package with aigate CLI (static pre-filter + optional AI analysis). Usage: /check-package <name> [version] [ecosystem]

2026-03-282

verify

ImL1s/aigate

Run lint, format check, and all tests to verify code quality before committing.

2026-03-282

Quelle

ImL1s

ImL1s/aigate

GitHub-Repository öffnen Creator-Repositorys ansehen

Installationsbefehl

Download

In Manus ausführen

Nützlich fürSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name	aigate-scan
description	Scan a lockfile or requirements file for supply chain attacks. Use when: reviewing requirements.txt, package-lock.json, Cargo.lock, Gemfile.lock, composer.lock, pubspec.lock, go.sum, yarn.lock, pnpm-lock.yaml. Also use when auditing project dependencies or onboarding to a new codebase. ALWAYS run this when you see a lockfile or dependency manifest.

When to trigger

You MUST run aigate scan when you encounter or are asked to review:

requirements.txt, requirements/*.txt, Pipfile.lock, poetry.lock
package-lock.json, yarn.lock, pnpm-lock.yaml
Cargo.lock
Gemfile.lock
composer.lock
pubspec.lock
go.sum
Any dependency manifest or lockfile

Also trigger when:

Onboarding to a new project / cloning a repo
Reviewing a PR that modifies dependency files
A user asks "are my dependencies safe?"

How to use

aigate scan <lockfile>

Examples

# Python
aigate scan requirements.txt
aigate scan poetry.lock

# Node.js
aigate scan package-lock.json
aigate scan yarn.lock

# Rust
aigate scan Cargo.lock

# Multiple files
aigate scan requirements.txt && aigate scan package-lock.json

Interpret exit codes

Exit 0 = All dependencies are SAFE.
Exit 1 = Some dependencies are SUSPICIOUS. Show the flagged packages.
Exit 2 = MALICIOUS dependencies found. Alert the user immediately. List all flagged packages and recommend removal.
Exit 3 = ERROR. Could not complete the scan.

If aigate is not installed

pip install aigate
# or
uv pip install aigate

Then re-run the scan.

Important

For large lockfiles, the scan may take a minute. This is normal.
Report all flagged packages, not just the first one.
Suggest aigate check <package> -e <ecosystem> for deeper analysis of any suspicious package.