Verify supply chain integrity for AI agent plugins, tools, and dependencies. Use this skill when: - Generating SHA-256 integrity manifests for agent plugins or tool packages - Verifying that installed plugins match their published manifests - Detecting tampered, modified, or untracked files in agent tool directories - Auditing dependency pinning and version policies for agent components - Building provenance chains for agent plugin promotion (dev → staging → production) - Any request like "verify plugin integrity", "generate manifest", "check supply chain", or "sign this plugin"
Generate and verify integrity manifests for AI agent plugins and tools. Detect tampering, enforce version pinning, and establish supply chain provenance.
Agent plugins and MCP servers have the same supply chain risks as npm packages or container images — except the ecosystem has no equivalent of npm provenance, Sigstore, or SLSA. This skill fills that gap.
Plugin Directory → Hash All Files (SHA-256) → Generate INTEGRITY.json
↓
Later: Plugin Directory → Re-Hash Files → Compare Against INTEGRITY.json
↓
Match? VERIFIED : TAMPERED
Create a deterministic INTEGRITY.json with SHA-256 hashes of all plugin files.
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path
EXCLUDE_DIRS = {".git", "__pycache__", "node_modules", ".venv", ".pytest_cache"}
EXCLUDE_FILES = {".DS_Store", "Thumbs.db", "INTEGRITY.json"}
def hash_file(path: Path) -> str:
"""Compute SHA-256 hex digest of a file."""
h = hashlib.sha256()
with open(path, "rb") as f:
for chunk in iter(lambda: f.read(8192), b""):
h.update(chunk)
return h.hexdigest()
def generate_manifest(plugin_dir: str) -> dict:
"""Generate an integrity manifest for a plugin directory."""
root = Path(plugin_dir)
files = {}
for path in sorted(root.rglob("*")):
if not path.is_file():
continue
if path.name in EXCLUDE_FILES:
continue
if any(part in EXCLUDE_DIRS for part in path.relative_to(root).parts):
continue
rel = path.relative_to(root).as_posix()
files[rel] = hash_file(path)
# Chain hash: SHA-256 of all file hashes concatenated in sorted order
chain = hashlib.sha256()
for key in sorted(files.keys()):
chain.update(files[key].encode("ascii"))
manifest = {
"plugin_name": root.name,
"generated_at": datetime.now(timezone.utc).isoformat(),
"algorithm": "sha256",
"file_count": len(files),
"files": files,
"manifest_hash": chain.hexdigest(),
}
return manifest
# Generate and save
manifest = generate_manifest("my-plugin/")
Path("my-plugin/INTEGRITY.json").write_text(
json.dumps(manifest, indent=2) + "\n"
)
print(f"Generated manifest: {manifest['file_count']} files, "
f"hash: {manifest['manifest_hash'][:16]}...")
Output (INTEGRITY.json):
{
"plugin_name": "my-plugin",
"generated_at": "2026-04-01T03:00:00+00:00",
"algorithm": "sha256",
"file_count": 12,
"files": {
".claude-plugin/plugin.json": "a1b2c3d4...",
"README.md": "e5f6a7b8...",
"skills/search/SKILL.md": "c9d0e1f2...",
"agency.json": "3a4b5c6d..."
},
"manifest_hash": "7e8f9a0b1c2d3e4f..."
}
Check that current files match the manifest.
# Requires: hash_file() and generate_manifest() from Pattern 1 above
import json
from pathlib import Path
def verify_manifest(plugin_dir: str) -> tuple[bool, list[str]]:
"""Verify plugin files against INTEGRITY.json."""
root = Path(plugin_dir)
manifest_path = root / "INTEGRITY.json"
if not manifest_path.exists():
return False, ["INTEGRITY.json not found"]
manifest = json.loads(manifest_path.read_text())
recorded = manifest.get("files", {})
errors = []
# Check recorded files
for rel_path, expected_hash in recorded.items():
full = root / rel_path
if not full.exists():
errors.append(f"MISSING: {rel_path}")
continue
actual = hash_file(full)
if actual != expected_hash:
errors.append(f"MODIFIED: {rel_path}")
# Check for new untracked files
current = generate_manifest(plugin_dir)
for rel_path in current["files"]:
if rel_path not in recorded:
errors.append(f"UNTRACKED: {rel_path}")
return len(errors) == 0, errors
# Verify
passed, errors = verify_manifest("my-plugin/")
if passed:
print("VERIFIED: All files match manifest")