Summary
This teaches Claude how to identify and test dependency confusion vulnerabilities across npm, pip, Maven, RubyGems, and other package ecosystems. It walks through the core mechanic (attacker publishes a higher version of an internal package name on a public registry), shows recon commands to check if names are squattable, and provides PoC patterns using DNS callbacks instead of destructive payloads. The guidance is red-team focused but includes defensive controls like scoped packages and lockfile enforcement. Load this when you're auditing manifests for supply chain risk or running authorized exercises against build pipelines. It pairs well with the recon-for-sec skill for initial package enumeration.
Install to Claude Code
npx -y skills add yaklang/hack-skills --skill dependency-confusion --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →First SeenJun 3, 2026
