gentic.news — AI News Intelligence Platform

pypi

11 articles about pypi in AI news

TrapDoor supply-chain attack hits npm, PyPI, Crates.io — weaponizes AI config files

TrapDoor planted 34 malicious packages on npm, PyPI, and Crates.io, and injected poisoned AI config files into repos to weaponize Claude Code and Cursor.

PyPI Quarantines LiteLLM Package After Supply Chain Attack Compromises AI Integration Tool

The Python Package Index (PyPI) has quarantined the LiteLLM package after a supply chain attack distributed a malicious update. Quarantine makes the package uninstallable through pip, so automated or unpinned installs can no longer pull the compromised release.

Block Compromised NPM/PyPI Packages Automatically with attach-guard

A new Claude Code plugin uses PreToolUse hooks to automatically block compromised packages like the recent axios hijack before they install.
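The item above describes the mechanism in one sentence: a Claude Code PreToolUse hook that inspects the install command before the tool runs and refuses it when the package is on a compromised list. The script below is an added example of that pattern written for this page; it is not attach-guard's code. It assumes the documented Claude Code hook contract (the tool call arrives as JSON on stdin with `tool_name` and `tool_input`, and exit code 2 blocks the call and feeds stderr back to the model), and the blocklist entries (`example-hijacked`, `example-backdoored`, `example-trap`) are constructed placeholders, not real advisories.

```python
#!/usr/bin/env python3
"""Added example: a Claude Code PreToolUse hook that blocks installs of
known-compromised npm / PyPI / crates.io package versions.
Not the attach-guard plugin's code. Blocklist entries are constructed."""
import json
import re
import shlex
import sys

# Constructed blocklist for illustration: (ecosystem, name) -> bad versions,
# or {"*"} when every version of the package is considered compromised.
BLOCKLIST = {
    ("npm", "example-hijacked"): {"1.2.3"},
    ("pypi", "example-backdoored"): {"*"},
    ("crates", "example-trap"): {"0.3.1"},
}

# Installer binary -> (ecosystem, subcommands that add packages).
INSTALLERS = {
    "npm": ("npm", {"install", "i", "add"}),
    "pnpm": ("npm", {"install", "i", "add"}),
    "yarn": ("npm", {"add"}),
    "pip": ("pypi", {"install"}),
    "pip3": ("pypi", {"install"}),
    "cargo": ("crates", {"add", "install"}),
}


def split_spec(eco, arg):
    """Split one package argument into (name, version_or_None)."""
    if eco == "npm":
        # "@scope/name@1.2.3": the version follows the last '@' after position 0.
        idx = arg.rfind("@")
        return (arg[:idx], arg[idx + 1:]) if idx > 0 else (arg, None)
    if eco == "pypi":
        m = re.match(r"([A-Za-z0-9_.\-]+)\s*==\s*([^\s,]+)", arg)
        if m:
            return m.group(1).lower(), m.group(2)
        return re.split(r"[<>=!~\[;]", arg, 1)[0].lower(), None
    name, _, ver = arg.partition("@")          # cargo add name@1.2.3
    return name, ver or None


def parse_specs(command):
    """Return [(ecosystem, name, version_or_None)] for every package an
    install command in the shell line would add. Requirements files
    (pip -r) are not opened here, so pin-checking those needs another hook."""
    specs = []
    # Inspect every segment so "cd app && npm i foo" is still seen.
    for segment in re.split(r"\s*(?:&&|\|\||;|\|)\s*", command):
        try:
            argv = shlex.split(segment)
        except ValueError:
            continue
        if argv[:3] in (["python", "-m", "pip"], ["python3", "-m", "pip"]):
            argv = ["pip"] + argv[3:]
        if not argv:
            continue
        tool = argv[0].rsplit("/", 1)[-1]
        if tool not in INSTALLERS or len(argv) < 2 or argv[1] not in INSTALLERS[tool][1]:
            continue
        eco = INSTALLERS[tool][0]
        for arg in argv[2:]:
            if not arg.startswith("-"):
                specs.append((eco,) + split_spec(eco, arg))
    return specs


def exact_pin(ver):
    """True only for a concrete version; ranges like ^1.2 could resolve to a bad release."""
    return ver is not None and re.fullmatch(r"[0-9][0-9A-Za-z.+\-]*", ver) is not None


def decide(hook_input, blocklist=BLOCKLIST):
    """Return (allow, reason). Only Bash tool calls carry install commands."""
    if hook_input.get("tool_name") != "Bash":
        return True, ""
    command = hook_input.get("tool_input", {}).get("command", "")
    for eco, name, ver in parse_specs(command):
        bad = blocklist.get((eco, name))
        if not bad:
            continue
        # Block exact bad pins, and anything unpinned or ranged that could resolve to one.
        if "*" in bad or not exact_pin(ver) or ver in bad:
            return False, f"blocked: {eco} package {name}@{ver or 'unpinned'} is on the compromised list"
    return True, ""


def main():
    hook_input = json.load(sys.stdin)       # Claude Code passes the tool call as JSON on stdin
    allow, reason = decide(hook_input)
    if not allow:
        print(reason, file=sys.stderr)      # stderr is shown to the model
        sys.exit(2)                         # exit 2 blocks the tool call
    sys.exit(0)


if __name__ == "__main__":
    main()
```

Register it under `hooks.PreToolUse` for the `Bash` matcher in `.claude/settings.json`. The design choice worth noting is that an unpinned or range-pinned install of a listed package is refused too: a blocklist keyed on exact versions is useless if `npm i foo` is allowed to resolve `foo@latest` to the hijacked release.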

Skills as Untrusted Code: A Security Precedent for Agent Runtimes

Paper argues agent skills are untrusted code until verified; runtimes must enforce verification gates to prevent supply-chain attacks, echoing decades of software security lessons.

Cloudflare Ships Enterprise MCP Governance

Cloudflare's MCP portal aggregates servers behind Cloudflare Access auth, while Code Mode collapses APIs into two tools. But most SaaS MCP endpoints lack controls — here's how to protect your Claude Code workflows.

Alumnium MCP Hits 98.5% on WebVoyager: How to Add SOTA Browsing to Claude Code

The open-source Alumnium MCP server, which acts as a high-level browser subagent for Claude Code, just set a new state-of-the-art benchmark score. Install it to offload complex web tasks.

3 Documentation MCP Servers to Install Now: GitMCP, Microsoft Learn, and Grounded Docs

Stop tab-hopping for docs. These three MCP servers give Claude Code direct access to GitHub repos, Microsoft Learn, and version-specific documentation.

Stop Wasting Tokens in Your CLAUDE.md: The Layered Configuration System

Separate global, project, and file-type rules into different CLAUDE.md files to cut token waste and make Claude Code more effective.

GuardClaw: The Cryptographic Audit Trail That Could Make AI Agents Accountable

GuardClaw introduces cryptographically verifiable execution logs for AI agents, producing tamper-evident records of autonomous actions. The open-source protocol targets accountability for agents that perform financial trades, infrastructure changes, and other critical operations.

SkillsMP Launches AI 'App Store' with 270,000+ Claude Skills for Seamless Code Automation

SkillsMP introduces an open-source marketplace with over 270,000 specialized AI skills for Claude Code, enabling automatic skill invocation without manual prompting. The platform eliminates setup friction while supporting cross-model compatibility through an open standard.

GitHub Repository Unleashes 1,715+ Production-Ready AI Agent Skills

A new GitHub repository has surfaced containing over 1,715 production-ready AI agent skills that developers can install and deploy in seconds. As with any large collection of third-party skills, each one is code that runs inside the agent and should be reviewed before installation.