
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@shahboura/agents-claude
Advanced tools
Claude-targeted agent pack for software development with specialized subagents, on-demand skills, security guardrails, and context-optimized workflows.
Lean Claude Code agent pack for fast setup, safer skill loading, and production-ready workflows.
npx.Quick jump: Agents · Skills Matrix · Skills · Full Docs
Requires: Node.js and npm
# Via npx (recommended)
npx @shahboura/agents-claude --global
# Alternative (direct npm install)
npm install -g @shahboura/agents-claude && agents-claude --global
# Project install (current directory only)
npx @shahboura/agents-claude --project .
# Install with specific languages only
npx @shahboura/agents-claude --global --languages python,typescript
# Update existing installation
npx @shahboura/agents-claude --update
# Force update both global + current project scopes
npx @shahboura/agents-claude --update --all
# Uninstall
npx @shahboura/agents-claude --uninstall
# Global uninstall
npx @shahboura/agents-claude --uninstall --global
# Uninstall both global + current project scopes
npx @shahboura/agents-claude --uninstall --all
# Check detected installation scopes
npx @shahboura/agents-claude --status
Install behavior note:
npx/npm installs from the published npm package version (deterministic release artifact).Package naming:
@shahboura/agents-claude (scoped package).agents-claude.agents-claude is the installer/maintenance CLI; day-to-day use runs in claude.agents-claude on npm, treat it as a different package.Uninstall behavior:
npx @shahboura/agents-claude --uninstall targets the current project by default.--global or --all for explicit scope control.installed (version-marker), uninstall removes marker files only.
Run --update first, then uninstall for full managed-file cleanup.<project>/.claude/.backups/<timestamp>--<operation>--<scope>/~/.claude/.backups/<timestamp>--<operation>--<scope>/Restore from backup:
backup-manifest.json for file paths.Update behavior:
npx @shahboura/agents-claude --update auto-detects and updates installed scopes (global and/or current project).--all, --global, or --project [dir] to force explicit update scope.Settings behavior:
.claude/settings.json.CLAUDE.md already exists before install, installer leaves it unmanaged and will not remove it on uninstall.CLAUDE.md
is eligible for removal on uninstall.Install safety behavior:
Scope behavior:
--global targets ~/.claude only.--project [dir] targets <project>/.claude and installer-managed CLAUDE.md.--update auto-detects installed scopes and updates each.--uninstall defaults to current project scope only.--all applies update/uninstall to both global and current project scopes.First run in Claude Code:
claude
/init
@orchestrator Build a REST API with JWT auth
| Agent | Best For | Allocated Skills (summary) |
|---|---|---|
@orchestrator | Multi-phase coordination | Language skills + utility skills + blogger/brutal-critic |
@planner | Read-only architecture/planning | Language skills + utility skills |
@codebase | Feature implementation | Language skills + sql-migrations |
@review | Security/performance/code quality | Language skills + docs-validation + agent-diagnostics |
@docs | Documentation updates | docs-validation + project-bootstrap + agent-diagnostics |
@em-advisor | EM/leadership guidance | project-bootstrap + docs-validation + agent-diagnostics |
@blogger | Blog/video/podcast drafting | blogger + brutal-critic |
@brutal-critic | Final content quality gate | brutal-critic + blogger |
See full allowlists: Skills Matrix
.claude/skills/<name>/SKILL.md.Use least-privilege tools and selective skill invocation to prevent unrelated context/tool access.
This keeps skills focused by task and reduces accidental context bloat.
Type /skill-name in Claude Code to run:
| Skill | Description |
|---|---|
/api-docs | Generate API documentation |
/code-review | Comprehensive code review |
/generate-tests | Unit test generation |
/security-audit | Security audit |
/refactor-plan | Refactoring plan |
/create-readme | Generate README |
/architecture-decision | ADR creation |
/architecture-review | Architecture review |
/blog-post | Blog post creation |
/content-review | Content quality scoring |
/plan-project | Multi-phase project planning |
/1-on-1-prep | Meeting preparation |
FAQs
Claude-targeted agent pack for software development with specialized subagents, on-demand skills, security guardrails, and context-optimized workflows.
We found that @shahboura/agents-claude demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.