Summary
Generates SHA-256 integrity manifests for agent plugins and MCP servers, then verifies nothing got modified or injected after review. You hash all files in a plugin directory, save INTEGRITY.json, and later check if current files match. It catches tampered code, untracked files that appeared post-audit, and unpinned dependency versions. The promotion gate pattern is smart: block prod deploys if verification fails or required files are missing. This is basically npm provenance or container signing but for the agent ecosystem, which has none of that infrastructure yet. If you're building a plugin marketplace or running CI on third-party tools, this closes a real gap.
Install to Claude Code
npx -y skills add github/awesome-copilot --skill agent-supply-chain --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
