---
title: "Scan repositories for Shai-Hulud 2.0 supply-chain indicators with the detector action"
description: "Check repositories and CI surfaces for Shai-Hulud 2.0 compromise indicators when the task is targeted supply-chain triage, not generic malware scanning."
verification: "listed"
source: "https://github.com/gensecaihq/Shai-Hulud-2.0-Detector"
author: "GenSecAIHQ"
publisher_type: "GitHub repository"
category:
  - "Security & Verification"
framework:
  - "Multi-Framework"
tool_ecosystem:
  github_repo: "gensecaihq/Shai-Hulud-2.0-Detector"
  github_stars: 124
---

# Scan repositories for Shai-Hulud 2.0 supply-chain indicators with the detector action

Check repositories and CI surfaces for Shai-Hulud 2.0 compromise indicators when the task is targeted supply-chain triage, not generic malware scanning.

## Prerequisites

GitHub Action or local detector CLI, repository or monorepo to scan, and security triage review

## Installation

Choose whichever fits your setup:

1. Copy this skill folder into your local skills directory.
2. Clone the repo and symlink or copy the skill into your agent workspace.
3. Add the repo as a git submodule if you manage shared skills centrally.
4. Install it through your internal provisioning or packaging workflow.
5. Download the folder directly from GitHub and place it in your skills collection.

Install command or upstream instructions:

```
Use the upstream GitHub Action in CI or run the detector locally, then review the campaign-specific findings, SARIF output, and incident-response guidance from the project documentation.
```

## Documentation

- https://github.com/gensecaihq/Shai-Hulud-2.0-Detector#readme

## Source

- [Agent Skill Exchange](https://agentskillexchange.com/skills/scan-repositories-for-shai-hulud-2-0-supply-chain-indicators-with-the-detector-action/)