
Flo5k5 Tools
Scan monorepos for npm, PyPI, Docker, Go, Rust, and NuGet supply-chain risk—including AI agent config checks—before you ship or deploy.
Overview
flo5k5-tools is a plugin marketplace for the Ship phase. Its supply-chain-scan plugin provides monorepo supply-chain scanning across major package ecosystems, plus AI agent config checks.
What is this marketplace?
- supply-chain-scan plugin v0.3.0 for monorepo-aware dependency scanning
- Covers npm, PyPI, Docker, Go, Rust, and NuGet ecosystems
- Build-manifest and AI-agent-config auto-exec checks for emerging compromise vectors
- Flo5k5-maintained Claude Code plugin focused on supply chain, not generic lint
- Single-plugin flo5k5-tools marketplace for security-oriented agent workflows
- Marketplace lists 1 plugin: supply-chain-scan v0.3.0
Community signal: 1 GitHub star.
What problem does it solve?
Polyglot monorepos hide compromised dependencies and dangerous agent configs until after release because manual audit of every manifest and toolchain is too slow for one person.
Who is it for?
Solo builders shipping from monorepos who want agent-assisted dependency and agent-config security passes across npm, Python, containers, and native ecosystems.
Skip if: Teams wanting only SAST on application code, or projects with a single tiny dependency tree and no agent tooling to audit.
What do I get? / Deliverables
After install, Claude Code can run supply-chain-scan to flag ecosystem-specific risks and suspicious build or agent auto-exec surfaces before you merge or deploy.
- Installed supply-chain-scan v0.3.0 plugin
- Scan reports across listed ecosystems and build manifests
- Action list for dependency and agent-config hardening before ship
Plugins in this marketplace
1 plugin — install individually after you add the marketplace.
Journey fit
Supply-chain and dependency manifest scanning is a pre-release safety gate, so Ship is the canonical home even when you run scans continuously in Operate. The plugin targets vulnerability and compromise vectors (e.g. Shai-Hulud/Miasma-style checks), which aligns with the security subphase under Ship.
How it compares
This is a supply-chain security plugin for Claude Code, not a general DevOps deploy skill or a marketplace of unrelated utilities.
Common Questions / FAQ
Who is Flo5k5 Tools for?
Indie developers and small teams using Claude Code who need monorepo supply-chain coverage across multiple package managers and container images.
When should I use Flo5k5 Tools?
Run it in Ship before releases, after adding dependencies, or when hardening AI agent repos that include auto-exec config surfaces.
How do I add Flo5k5 Tools to my agent?
Register the Flo5k5 supply-chain-scan marketplace in Claude Code and enable the supply-chain-scan plugin, then point it at your monorepo root for scans.