daily-supply-chain-audit
Install: claude install-skill Xipher-Labs/walter-os
# Daily Supply Chain Audit
Audits the agentic toolchain end-to-end and refuses to let work continue if
critical vulnerabilities are found. Designed for paranoia, calibrated for
2026's threat landscape (1,184 malicious skills found in ClawHavoc,
CVE-2025-59536 hooks injection RCE, three vulns in Anthropic's own Git MCP,
mcp-remote CVSS 9.6 RCE — supply chain attacks on AI tooling are real and
ongoing).
## What it checks
1. **Tool versions** — `claude --version` ≥ 2.0.65, `codex --version` current,
`gh`, `node`, `pnpm` not on known-vulnerable releases.
2. **Config drift** — `~/.claude/settings.json`, `~/.codex/config.toml`, and
any `.mcp.json` in active repos are diffed against signed baselines stored in
`~/.config/walter-os/baselines/`. Any unauthorized addition blocks the run.
3. **Hooks integrity** — every hook in `~/.claude/settings.json` matches a
sha256 in `~/.config/walter-os/hook-checksums.json`. New hooks require
explicit operator approval (the script prompts).
4. **Installed MCP servers** — runs `mcp-scan` (Snyk) and `mcp-scanner` (Cisco)
if available; queries `agentaudit.dev` and `mcpskills.io` for trust scores.
5. **Skills audit** — every skill in `~/.claude/skills/` and `~/.codex/skills/`
gets static analysis: scripts shouldn't `curl | bash`, shouldn't write to
`~/.ssh`, shouldn't egress to non-allowlisted domains.
6. **Tool definition drift** — stdio, HTTP, and SSE MCP servers loaded from
`~/.claude/settings.json` are probed via `tools/list` and co