The latest articles on DEV Community by harotalo (@hotsa104). https://dev.to/hotsa104 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3979609%2Fffc70130-d7a9-4264-a965-bd30d04c3001.png https://dev.to/hotsa104 en harotalo Thu, 11 Jun 2026 13:49:26 +0000 https://dev.to/hotsa104/when-package-managers-cant-help-defending-ai-agent-skills-against-supply-chain-attacks-4681 https://dev.to/hotsa104/when-package-managers-cant-help-defending-ai-agent-skills-against-supply-chain-attacks-4681 <h2> A real-world implementation of static + LLM-based scanning for Claude Code / Cursor skill layers </h2> <p>npm's supply chain defenses have matured fast. By 2026, pnpm ships with automatic 1-day release age cooldown (default ON), and npm v12 will block install scripts by default. The battle for package-layer security is being won.<br> But the attack surface moved. And the new frontier is invisible to traditional security.<br> When you run npx some-skills add frontend-design, you're importing a skill — a SKILL.md file that Claude Code will immediately parse and follow as instructions. This layer:</p> <p>Bypasses package managers entirely (no cooldown, no signature check)<br> Evades EDR (it's just Markdown text)<br> Reaches the highest-trust environment: developer's local machine with all credentials loaded</p> <p>And it's already compromised. ClawHub (an AI skill marketplace) was found to contain 341 malicious skills out of 2,857 (11.9%) in Feb 2026.<br> This article documents why existing defenses fail, what I built to solve it (skill-firewall), and the surprising UX lessons learned along the way — from symlink traps to why "warning the agent" beats "alerting the user."</p> agents ai cybersecurity security