Scan repositories for Shai-Hulud 2.0 supply-chain indicators with the detector action
Check repositories and CI surfaces for Shai-Hulud 2.0 compromise indicators when the task is targeted supply-chain triage, not generic malware scanning.
What it does
Check repositories and CI surfaces for Shai-Hulud 2.0 compromise indicators when the task is targeted supply-chain triage, not generic malware scanning.
Prerequisites
GitHub Action or local detector CLI, repository or monorepo to scan, and security triage review
Installation
Use the upstream install or setup path that matches your environment:
- STOP - Do not run npm install or any build commands
- npm cache clean --force
- npm install --ignore-scripts # Prevent postinstall hooks
- npm audit
Requirements and caveats from upstream:
- | PostHog | 62 | posthog-node, posthog-js, @posthog/nextjs, @posthog/plugin-server |
- node scripts/update-ioc-database.js
Basic usage or getting-started notes:
- Source: https://github.com/gensecaihq/Shai-Hulud-2.0-Detector
- Extracted from upstream docs: https://raw.githubusercontent.com/gensecaihq/Shai-Hulud-2.0-Detector/HEAD/README.md
Quality
deterministic score 0.45 from registry signals: indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,407 chars)