safe-chain

📁 strozw/agent-skills 📅 10 days ago

总安装量

周安装量

#47572

全站排名

安装命令

npx skills add https://github.com/strozw/agent-skills --skill safe-chain

Agent 安装分布

opencode 1

codex 1

claude-code 1

Skill 文档

Safe Chain Skill

This skill improves security by automatically routing package manager commands through safe-chain.

Covered commands

When running the following commands, you must always route them through safe-chain:

Node.js/JavaScript

npm -> safe-chain npm
npx -> safe-chain npx
yarn -> safe-chain yarn
pnpm -> safe-chain pnpm
pnpx -> safe-chain pnpx
bun -> safe-chain bun
bunx -> safe-chain bunx

Python

pip -> safe-chain pip
pip3 -> safe-chain pip3
uv -> safe-chain uv
uvx -> safe-chain uv tool run
poetry -> safe-chain poetry
pipx -> safe-chain pipx

Execution rules

Required for package installs and updates
- â Correct: safe-chain npm install express
- â Incorrect: npm install express
Required for running scripts
- â Correct: safe-chain npx create-react-app my-app
- â Incorrect: npx create-react-app my-app
Required for global installs
- â Correct: safe-chain npm install -g typescript
- â Incorrect: npm install -g typescript
Required for updating existing dependencies
- â Correct: safe-chain npm update
- â Incorrect: npm update

Verification

To confirm that safe-chain is working correctly:

# Test a Node.js package
safe-chain npm install safe-chain-test

# Test a Python package
safe-chain pip3 install safe-chain-pi-test

# Check the safe-chain version
safe-chain --version

Exceptions

The following commands do not need to go through safe-chain:

npm run <script> (runs scripts in package.json)
npm test
npm start
npm --version (version check only)

Important note

WARNING: While this skill is enabled, do not execute package manager commands directly.

safe-chain scans installed packages in real time and protects against malware and malicious code. Using this skill significantly reduces the risk of supply chain attacks.

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台