From 98acace9b71cd121d01b229147a12460a1dbb53e Mon Sep 17 00:00:00 2001
From: Sam Rolfe
Date: Fri, 5 Jun 2026 17:50:24 +1000
Subject: [PATCH] sam-4screen-desktop 2026-6-5:17:50:24
---
 .obsidian/workspace.json | 10 ++--
 .../350 AI/Pi Agent Extensions & Skills.md | 49 +++++++++++++++++++
 2 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json
index 52f4b9e..3c8280f 100644
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -13,12 +13,12 @@ "state": { "type": "markdown", "state": { - "file": "300 areas/350 AI/Security NPM packages tools.md", + "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md", "mode": "source", "source": true }, "icon": "lucide-file", - "title": "Security NPM packages tools" + "title": "Pi Agent Extensions & Skills" } } ]
@@ -181,10 +181,10 @@ "state": { "type": "file-properties", "state": { - "file": "300 areas/350 AI/Security NPM packages tools.md" + "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md" }, "icon": "lucide-info", - "title": "File properties for Security NPM packages tools" + "title": "File properties for Pi Agent Extensions & Skills" } } ],
@@ -209,9 +209,9 @@ }, "active": "b145af38583e5d9a", "lastOpenFiles": [ + "300 areas/350 AI/Security NPM packages tools.md", "300 areas/350 AI/Pi Agent Extensions & Skills.md", "300 areas/350 AI/Automated Agentic Tools.md", - "300 areas/350 AI/Security NPM packages tools.md", "300 areas/350 AI/AI Tools to try.md", "400 resources/410 Web Pages/Website Design AI.md", "300 areas/350 AI/Hermes Ai autonomous Agent.md",
diff --git a/300 areas/350 AI/Pi Agent Extensions & Skills.md b/300 areas/350 AI/Pi Agent Extensions & Skills.md
index 7d11a1c..1cb11e7 100644
--- a/300 areas/350 AI/Pi Agent Extensions & Skills.md
+++ b/300 areas/350 AI/Pi Agent Extensions & Skills.md
@@ -52,6 +52,55 @@ aliases: []
 | **openspec-apply-change** | Implement tasks from an OpenSpec change |
 | **openspec-archive-change** | Archive completed changes |
 | **openspec-explore** | Explore ideas and clarify requirements |
+| **npm-security** | Scan packages with SafeDep Vet, check typosquatting with npq, wrap installs with Socket Firewall |
+
+---
+
+## Security Tools (npm Global)
+
+Three tools installed globally at `~/.local/share/npm-global/bin/` to guard package installs.
+
+### SafeDep Vet (`vet`)
+
+Scans local directories for multi-language malware signatures. Catches obfuscated code, suspicious imports, base64 payloads.
+
+```bash
+# Scan a cloned repo before touching it
+vet scan -D . --format json --filter "package.malware == true"
+
+# Scan package metadata from npm registry
+vet scan package --format json
+```
+
+### Socket Firewall (`socket`)
+
+Wraps npm/pip installs with real-time scanning. Blocks malicious packages at install time.
+
+```bash
+# Safe npm install
+socket npm install
+
+# Safe pip install
+socket pip install -r requirements.txt
+```
+
+### npq
+
+Checks package names against typosquatting lists before install. Lightweight, local, no phoning home.
+
+```bash
+npq check --json
+```
+
+### Workflow
+
+```
+1. vet scan → checks for malware in the code/package
+2. npq check → checks the package name for typosquatting
+3. socket install → wraps the actual install with runtime scanning
+```
+
+The **npm-security** skill instructs the Pi agent to follow this workflow before any install.
 ---