safe-chain

📁 strozw/agent-skills 📅 10 days ago
1
总安装量
1
周安装量
#47572
全站排名
安装命令
npx skills add https://github.com/strozw/agent-skills --skill safe-chain

Agent 安装分布

opencode 1
codex 1
claude-code 1

Skill 文档

Safe Chain Skill

This skill improves security by automatically routing package manager commands through safe-chain.

Covered commands

When running the following commands, you must always route them through safe-chain:

Node.js/JavaScript

  • npm -> safe-chain npm
  • npx -> safe-chain npx
  • yarn -> safe-chain yarn
  • pnpm -> safe-chain pnpm
  • pnpx -> safe-chain pnpx
  • bun -> safe-chain bun
  • bunx -> safe-chain bunx

Python

  • pip -> safe-chain pip
  • pip3 -> safe-chain pip3
  • uv -> safe-chain uv
  • uvx -> safe-chain uv tool run
  • poetry -> safe-chain poetry
  • pipx -> safe-chain pipx

Execution rules

  1. Required for package installs and updates

    • ✅ Correct: safe-chain npm install express
    • ❌ Incorrect: npm install express
  2. Required for running scripts

    • ✅ Correct: safe-chain npx create-react-app my-app
    • ❌ Incorrect: npx create-react-app my-app
  3. Required for global installs

    • ✅ Correct: safe-chain npm install -g typescript
    • ❌ Incorrect: npm install -g typescript
  4. Required for updating existing dependencies

    • ✅ Correct: safe-chain npm update
    • ❌ Incorrect: npm update

Verification

To confirm that safe-chain is working correctly:

# Test a Node.js package
safe-chain npm install safe-chain-test

# Test a Python package
safe-chain pip3 install safe-chain-pi-test

# Check the safe-chain version
safe-chain --version

Exceptions

The following commands do not need to go through safe-chain:

  • npm run <script> (runs scripts in package.json)
  • npm test
  • npm start
  • npm --version (version check only)

Important note

WARNING: While this skill is enabled, do not execute package manager commands directly.

safe-chain scans installed packages in real time and protects against malware and malicious code. Using this skill significantly reduces the risk of supply chain attacks.