Bitwarden CLI was compromised via npm. Your agent could be next. Scan before you install.
Your AI agent runs npm install some-mcp-server and 30 seconds later, your API keys are in someone else's database. This isn't hypothetical — it happened to Bitwarden CLI in April 2026.
| Stat | Number |
|---|---|
| Packages with known vulnerabilities | 86% of repos |
| Average detection time for compromised package | 209 days |
| npm packages added daily | ~1,200 (many are typosquats) |
| Agent-related supply chain incidents (2026) | 47 and counting |
AI agents are the perfect target: they install packages automatically, run with high privileges, and handle sensitive data. One bad npm install can compromise everything.
Dependency Guard scans npm/pip packages BEFORE installation. No dependencies. No build step. Copy the SKILL.md, and your agent will:
- 🔍 Check metadata — Is this package legitimate or a typosquat?
- ⚠️ Detect post-install scripts — The #1 attack vector for supply chain attacks
- 🧬 Analyze dependency graph — What's hiding in the transitive chain?
- 🏷️ Score risk — Quantified 0-100 risk score, not vibes
- 🚑 Emergency response — What to do when you've already installed a bad package
```bash
# 30-second safety check before ANY install
npm view <package> scripts                      # Check for postinstall hooks
npm view <package> author                       # Verify the author
npm view <package> --json | jq '.time.created'  # New = suspicious
npm audit                                       # Scan for known CVEs
```

If the package has postinstall scripts and you don't recognize the author — DO NOT INSTALL.
| Attack Type | How We Detect It | Real Example |
|---|---|---|
| Typosquatting | Edit distance from top-1000 packages | lodassh → lodash |
| Install-time execution | Scan for postinstall/preinstall scripts | Bitwarden CLI compromise |
| Dependency confusion | Check scoped vs unscoped registries | company-utils public vs private |
| Dormant malware | Sudden version spikes, new maintainer | ua-parser-js incident |
| Transitive attacks | Full dependency tree audit | event-stream via flatmap-stream |
| Obfuscated code | Scan for eval/atob/encoded strings | Credential stealers |
Start at 100, subtract for risk factors:

| Penalty | Risk factor |
|---|---|
| -30 | Critical CVE found |
| -20 | Post-install scripts present |
| -20 | Typosquat match detected |
| -15 | Package < 30 days old |
| -10 | Single maintainer |
| -5 | Per suspicious transitive dependency |

| Score | Verdict |
|---|---|
| ≥ 70 | ✅ Safe to install |
| 40-69 | ⚠️ Install with caution |
| < 40 | 🚫 Do not install |
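The scoring table above, applied to metadata shaped like `npm view <pkg> --json`, as an added example that is not the skill's own code; the top-package list and the sample metadata are constructed stand-ins, and the typosquat check uses an edit distance of at most 2 as an assumed threshold:

```python
# Added example: score a package with the 0-100 rules from the table above.
from datetime import datetime, timedelta, timezone

TOP_PACKAGES = ["lodash", "express", "react", "axios"]  # constructed; use the real top-1000 list
INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # scripts npm runs at install time

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two package names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def typosquat_target(name: str, top=TOP_PACKAGES):
    """Return the popular package this name is within 2 edits of, else None."""
    for t in top:
        if name != t and edit_distance(name, t) <= 2:
            return t
    return None

def score_package(meta: dict, critical_cves: int = 0, suspicious_transitive: int = 0, now=None):
    """Start at 100, subtract per risk factor; returns (score, verdict, findings)."""
    now = now or datetime.now(timezone.utc)
    score, findings = 100, []
    if critical_cves:
        score -= 30; findings.append("critical CVE")
    if any(h in meta.get("scripts", {}) for h in INSTALL_HOOKS):
        score -= 20; findings.append("install-time script")
    target = typosquat_target(meta["name"])
    if target:
        score -= 20; findings.append(f"typosquat of {target}")
    created = datetime.strptime(meta["time"]["created"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    if now - created < timedelta(days=30):
        score -= 15; findings.append("package < 30 days old")
    if len(meta.get("maintainers", [])) <= 1:
        score -= 10; findings.append("single maintainer")
    score = max(score - 5 * suspicious_transitive, 0)
    verdict = "safe" if score >= 70 else "caution" if score >= 40 else "do not install"
    return score, verdict, findings

# Constructed sample: a lookalike name with a postinstall hook, 6 days old, one maintainer.
SUSPICIOUS = {"name": "lodassh", "scripts": {"postinstall": "node setup.js"},
              "time": {"created": "2026-04-25T00:00:00.000Z"},
              "maintainers": [{"name": "newuser"}]}
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)  # fixed clock so the age check is reproducible

if __name__ == "__main__":
    print(score_package(SUSPICIOUS, now=NOW))  # (35, 'do not install', [...])
```

Feed it the parsed output of `npm view <pkg> --json` and the count of critical findings from `npm audit --json` to score a real package.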
```yaml
# GitHub Actions - auto-scan new dependencies
# Requires a checkout where origin/main is fetched (actions/checkout defaults to depth 1).
- name: Dependency Guard
  run: |
    # Added lines look like `+    "lodash": "^4.17.21",`; extract the key, not the version
    git diff origin/main -- package.json | grep -E '^\+ *"' | while read -r line; do
      pkg=$(echo "$line" | sed 's/^+ *"\([^"]*\)".*/\1/')
      echo "Scanning: $pkg"
      npm view "$pkg" scripts --json
    done
    npm audit --production
```

This is a pure markdown skill. No npm. No pip. No builds. Your agent reads the SKILL.md and follows the procedures using tools already on your system (npm, pip, jq, grep).
Copy → paste → protected.
- skill-mcp-security-audit — Audit MCP server code for security issues
- skill-git-secret-sweep — Scan repos for leaked secrets and API keys
Supply chain attacks on AI agents are accelerating. In the past 30 days:
- Bitwarden CLI compromised via npm typosquatting (April 2026)
- 47 agent-related supply chain incidents reported
- Infisical launched Agent Vault — credential proxy for agents, showing the market demand
Don't wait until your agent's credentials are stolen. Start scanning today.
MIT — Use freely, scan everything, trust nothing.