When Trusted Packages Turn Hostile: Cascading Supply Chain Attacks
TeamPCP compromises legitimate packages and cascades through the supply chain via stolen credentials. Why this attack pattern evades detection.
#verification
5 articles with this tag.
You're Using Claude Code Skills. Do You Know What's in Them?
Claude Code skills can read files, run commands, and access credentials. What the skill ecosystem gets wrong about security — and how to protect yourself.
Why Scanning Architecture Matters: Comparing Skill Registry Security
Comparing install-time scanning, reactive moderation, and dual-side verification — and the supply chain attack vectors each security model misses.
Introducing SkillSafe: Why AI Coding Skills Need a Verified Registry
341 malicious AI skills were found on a major registry. SkillSafe scans before sharing, re-verifies on install, and blocks tampered code automatically.
How Dual-Side Verification Protects Against Supply Chain Attacks
How SkillSafe dual-side verification works: publisher scans, consumer re-scans, and cryptographic tree hashes that detect tampering before install.