
Agent Supply Chain
Generate SHA-256 integrity manifests and verify agent plugins and MCP packages before you promote them to production.
Overview
Agent Supply Chain is an agent skill, most often used in the Ship phase (also Build agent-tooling and Operate infra), that generates and verifies SHA-256 integrity manifests for AI agent plugins and tools.
Install
npx skills add https://github.com/github/awesome-copilot --skill agent-supply-chain
What is this skill?
- SHA-256 hashes every file in a plugin directory into an INTEGRITY.json manifest
- Re-hash verification flags VERIFIED vs TAMPERED against the published manifest
- Supports provenance chains for dev → staging → production plugin promotion
- Covers dependency pinning audits and untracked-file detection in agent tool trees
- Fills the gap where agent/MCP ecosystems lack npm-style provenance or SLSA
Adoption & trust: 750 installs on skills.sh; 34.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You install agent plugins and MCP servers with no standard provenance, so you cannot tell if files were tampered with after publish.
Who is it for?
Indie builders shipping custom Claude/Copilot plugins or auditing third-party agent tool folders before production use.
Skip if: your team only needs generic npm audit or container scanning and has no use for agent-specific directory manifests.
When should I use this skill?
Generating SHA-256 manifests, verifying plugins match manifests, detecting tampered agent tool files, auditing dependency pinning, or building dev→staging→production provenance chains.
What do I get? / Deliverables
You get a verifiable INTEGRITY.json manifest and a clear VERIFIED or TAMPERED result before promoting plugins or merging plugin changes.
- INTEGRITY.json manifest with per-file SHA-256 hashes
- Verification report (VERIFIED vs TAMPERED)
- Supply-chain audit notes on pinning and untracked files
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Supply-chain verification is the canonical gate before shipping agent tooling to real users. Tamper detection, manifest comparison, and dependency pinning are classic pre-production security controls.
Where it fits
Hash a new local MCP server folder before you symlink it into your agent config.
Re-verify installed plugins against INTEGRITY.json right before a release tag.
Periodic re-hash on production agent hosts to catch post-install file changes.
How it compares
Use for agent-plugin directory integrity, not as a substitute for full SLSA or container image signing pipelines.
Common Questions / FAQ
Who is agent-supply-chain for?
Solo and indie builders who package or install AI agent plugins, MCP servers, and tool directories and want tamper checks before trusting them in production.
When should I use agent-supply-chain?
Use it before promoting plugins dev → staging → production, during plugin PR review, when someone asks to verify plugin integrity or generate a manifest, and when auditing dependency pinning on agent components.
Is agent-supply-chain safe to install?
Review the Security Audits panel on this Prism page for published audit results and risk level before installing the skill in your agent environment.
SKILL.md - Agent Supply Chain
# Agent Supply Chain Integrity

Generate and verify integrity manifests for AI agent plugins and tools. Detect tampering, enforce version pinning, and establish supply chain provenance.

## Overview

Agent plugins and MCP servers have the same supply chain risks as npm packages or container images — except the ecosystem has no equivalent of npm provenance, Sigstore, or SLSA. This skill fills that gap.

```
Plugin Directory → Hash All Files (SHA-256) → Generate INTEGRITY.json
                                                       ↓
Later: Plugin Directory → Re-Hash Files → Compare Against INTEGRITY.json
                                                       ↓
                                             Match? VERIFIED : TAMPERED
```

## When to Use

- Before promoting a plugin from development to production
- During code review of plugin PRs
- As a CI step to verify no files were modified after review
- When auditing third-party agent tools or MCP servers
- Building a plugin marketplace with integrity requirements

---

## Pattern 1: Generate Integrity Manifest

Create a deterministic `INTEGRITY.json` with SHA-256 hashes of all plugin files.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

EXCLUDE_DIRS = {".git", "__pycache__", "node_modules", ".venv", ".pytest_cache"}
EXCLUDE_FILES = {".DS_Store", "Thumbs.db", "INTEGRITY.json"}


def hash_file(path: Path) -> str:
    """Compute SHA-256 hex digest of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(8192), b""):
            h.update(chunk)
    return h.hexdigest()


def generate_manifest(plugin_dir: str) -> dict:
    """Generate an integrity manifest for a plugin directory."""
    root = Path(plugin_dir)
    files = {}

    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.name in EXCLUDE_FILES:
            continue
        if any(part in EXCLUDE_DIRS for part in path.relative_to(root).parts):
            continue
        rel = path.relative_to(root).as_posix()
        files[rel] = hash_file(path)

    # Chain hash: SHA-256 of all file hashes concatenated in sorted order
    chain = hashlib.sha256()
    for key in sorted(files.keys()):
        chain.update(files[key].encode("ascii"))

    manifest = {
        "plugin_name": root.name,
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "algorithm": "sha256",
        "file_count": len(files),
        "files": files,
        "manifest_hash": chain.hexdigest(),
    }
    return manifest


# Generate and save
manifest = generate_manifest("my-plugin/")
Path("my-plugin/INTEGRITY.json").write_text(
    json.dumps(manifest, indent=2) + "\n"
)
print(f"Generated manifest: {manifest['file_count']} files, "
      f"hash: {manifest['manifest_hash'][:16]}...")
```

**Output (`INTEGRITY.json`):**

```json
{
  "plugin_name": "my-plugin",
  "generated_at": "2026-04-01T03:00:00+00:00",
  "algorithm": "sha256",
  "file_count": 12,
  "files": {
    ".claude-plugin/plugin.json": "a1b2c3d4...",
    "README.md": "e5f6a7b8...",
    "skills/search/SKILL.md": "c9d0e1f2...",
    "agency.json": "3a4b5c6d..."
  },
  "manifest_hash": "7e8f9a0b1c2d3e4f..."
}
```

---

## Pattern 2: Verify Integrity

Check that current files match the manifest.
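The verification side is what Pattern 2 is about. The block below is an added example, not the skill's own code: it re-walks the plugin tree with the same exclusion sets the generator uses, compares every entry of the manifest's `files` map, and reports a file as modified, missing or untracked before deciding VERIFIED or TAMPERED. Two details worth noting: the generator's `manifest_hash` is a chain over the digest values only, so a rename or a swap of two files' contents changes nothing there and is caught only by the per-file comparison; and a manifest stored inside the tree can be regenerated by whoever edited the tree, so `verify_manifest` takes an optional `manifest_path` for the copy you reviewed and kept outside it. The `write_manifest` helper, the `demo` scenario and its sample files are constructed for this example.

```python
# Added example (not the skill's own code): verify a plugin tree against the
# INTEGRITY.json format produced in Pattern 1. Exclusions mirror the generator.
import hashlib
import json
import tempfile
from pathlib import Path

EXCLUDE_DIRS = {".git", "__pycache__", "node_modules", ".venv", ".pytest_cache"}
EXCLUDE_FILES = {".DS_Store", "Thumbs.db", "INTEGRITY.json"}


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of one file, streamed in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(8192), b""):
            h.update(chunk)
    return h.hexdigest()


def current_hashes(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every tracked file under root."""
    hashes = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.name in EXCLUDE_FILES:
            continue
        if any(part in EXCLUDE_DIRS for part in path.relative_to(root).parts):
            continue
        hashes[path.relative_to(root).as_posix()] = sha256_file(path)
    return hashes


def chain_hash(files: dict) -> str:
    """Same construction as the generator: SHA-256 over digests in sorted key order."""
    chain = hashlib.sha256()
    for key in sorted(files):
        chain.update(files[key].encode("ascii"))
    return chain.hexdigest()


def write_manifest(root: Path) -> dict:
    """Constructed helper: write an INTEGRITY.json with the fields the verifier reads."""
    files = current_hashes(root)
    manifest = {"plugin_name": root.name, "algorithm": "sha256",
                "file_count": len(files), "files": files,
                "manifest_hash": chain_hash(files)}
    (root / "INTEGRITY.json").write_text(json.dumps(manifest, indent=2) + "\n")
    return manifest


def verify_manifest(plugin_dir, manifest_path=None) -> dict:
    """Re-hash plugin_dir and compare it with a manifest.

    manifest_path defaults to INTEGRITY.json inside the tree; in CI pass the
    reviewed copy stored outside the tree. Returns a report whose status is
    VERIFIED or TAMPERED plus modified / missing / untracked path lists.
    """
    root = Path(plugin_dir)
    manifest_path = Path(manifest_path) if manifest_path else root / "INTEGRITY.json"
    report = {"status": "TAMPERED", "reasons": [],
              "modified": [], "missing": [], "untracked": []}
    if not manifest_path.is_file():
        report["reasons"].append("manifest missing")
        return report
    manifest = json.loads(manifest_path.read_text())
    if manifest.get("algorithm") != "sha256":
        report["reasons"].append(f"unsupported algorithm {manifest.get('algorithm')!r}")
        return report
    expected = manifest.get("files", {})
    # Catch edits to the manifest's own files map that did not refresh manifest_hash.
    if chain_hash(expected) != manifest.get("manifest_hash"):
        report["reasons"].append("manifest_hash does not match files map")
    actual = current_hashes(root)
    report["modified"] = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    report["missing"] = sorted(k for k in expected if k not in actual)
    # A file the reviewed manifest never saw counts as tampering, not as noise.
    report["untracked"] = sorted(k for k in actual if k not in expected)
    for kind in ("modified", "missing", "untracked"):
        if report[kind]:
            report["reasons"].append(f"{len(report[kind])} {kind} file(s)")
    if not report["reasons"]:
        report["status"] = "VERIFIED"
    return report


def demo() -> tuple:
    """Constructed scenario: publish a manifest for a tiny plugin tree, then
    change one file and add another, and re-verify. Returns both statuses."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "my-plugin"
        (root / "skills" / "search").mkdir(parents=True)
        (root / "README.md").write_text("# my-plugin\n")
        (root / "skills" / "search" / "SKILL.md").write_text("# search\n")
        write_manifest(root)
        before = verify_manifest(root)["status"]
        (root / "README.md").write_text("# my-plugin (edited after publish)\n")
        (root / "skills" / "hooks.py").write_text("# not in the manifest\n")
        after = verify_manifest(root)
        return before, after["status"], after["modified"], after["untracked"]
```

Running `demo()` returns `('VERIFIED', 'TAMPERED', ['README.md'], ['skills/hooks.py'])`: the clean tree verifies, and after the two changes the report names exactly the edited file and the file the manifest never covered. In a CI gate, fail the job on any status other than VERIFIED and print `reasons` so the reviewer sees which class of drift occurred.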