sam-4screen-desktop 2026-6-5:17:50:24

2026-06-05 17:50:24 +10:00
parent edcb2a5456
commit 98acace9b7
2 changed files with 54 additions and 5 deletions
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -13,12 +13,12 @@
            "state": {
              "type": "markdown",
              "state": {
-                "file": "300 areas/350 AI/Security NPM packages tools.md",
+                "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md",
                "mode": "source",
                "source": true
              },
              "icon": "lucide-file",
-              "title": "Security NPM packages tools"
+              "title": "Pi Agent Extensions & Skills"
            }
          }
        ]
@@ -181,10 +181,10 @@
            "state": {
              "type": "file-properties",
              "state": {
-                "file": "300 areas/350 AI/Security NPM packages tools.md"
+                "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md"
              },
              "icon": "lucide-info",
-              "title": "File properties for Security NPM packages tools"
+              "title": "File properties for Pi Agent Extensions & Skills"
            }
          }
        ],
@@ -209,9 +209,9 @@
  },
  "active": "b145af38583e5d9a",
  "lastOpenFiles": [
+    "300 areas/350 AI/Security NPM packages tools.md",
    "300 areas/350 AI/Pi Agent Extensions & Skills.md",
    "300 areas/350 AI/Automated Agentic Tools.md",
-    "300 areas/350 AI/Security NPM packages tools.md",
    "300 areas/350 AI/AI Tools to try.md",
    "400 resources/410 Web Pages/Website Design AI.md",
    "300 areas/350 AI/Hermes Ai autonomous Agent.md",
--- a/Skills.md
+++ b/Skills.md
@@ -52,6 +52,55 @@ aliases: []
 | **openspec-apply-change** | Implement tasks from an OpenSpec change |
 | **openspec-archive-change** | Archive completed changes |
 | **openspec-explore** | Explore ideas and clarify requirements |
+| **npm-security** | Scan packages with SafeDep Vet, check typosquatting with npq, wrap installs with Socket Firewall |
+
+---
+
+## Security Tools (npm Global)
+
+Three tools installed globally at `~/.local/share/npm-global/bin/` to guard package installs.
+
+### SafeDep Vet (`vet`)
+
+Scans local directories for multi-language malware signatures. Catches obfuscated code, suspicious imports, base64 payloads.
+
+```bash
+# Scan a cloned repo before touching it
+vet scan -D . --format json --filter "package.malware == true"
+
+# Scan package metadata from npm registry
+vet scan package <name> --format json
+```
+
+### Socket Firewall (`socket`)
+
+Wraps npm/pip installs with real-time scanning. Blocks malicious packages at install time.
+
+```bash
+# Safe npm install
+socket npm install <package>
+
+# Safe pip install
+socket pip install -r requirements.txt
+```
+
+### npq
+
+Checks package names against typosquatting lists before install. Lightweight, local, no phoning home.
+
+```bash
+npq check <package> --json
+```
+
+### Workflow
+
+```
+1. vet scan → checks for malware in the code/package
+2. npq check → checks the package name for typosquatting
+3. socket install → wraps the actual install with runtime scanning
+```
+
+The **npm-security** skill instructs the Pi agent to follow this workflow before any install.

 ---