
huiyu-safe-ai

Lightweight AI security guard that intercepts risky install/download commands (npm, npx, pip, cargo, git clone) to block known malicious packages and scan for suspicious code. Invoke ONLY when user runs install/download/clone commands.
huiyu9144/huiyu-safe-ai · ★ 1 · AI & Automation · score 68
Install: claude install-skill huiyu9144/huiyu-safe-ai
# huiyu-safe-ai — Lightweight AI Supply Chain Shield

A zero-overhead, 3-step security checkpoint that runs before any install or download command. It blocks known malicious packages, verifies package identity, and performs a quick code sniff when needed.

---

## Trigger Conditions (MUST match before activation)

This skill activates ONLY when the user's message contains one of these command patterns:

| Command Pattern | Examples |
|----------------|----------|
| `npm install` / `npm i` | `npm i express` |
| `npx` | `npx create-react-app` |
| `git clone` | `git clone https://...` |
| `pip install` / `pip3 install` | `pip install requests` |
| `cargo install` | `cargo install ripgrep` |
| `yarn add` / `yarn install` | `yarn add lodash` |
| `pnpm add` | `pnpm add vue` |

**If no install/download command is present, DO NOT activate this skill. Stay silent.**

---

## Check Flow (3 Steps, Most Exit at Step 1)

```
[User wants to install/download]
               |
               v
     +---------------------+
     | STEP 1: BLOCK?      | <- Check blocklist (instant)
     | If blocked -> RED   |
     +----------+----------+
                | not blocked
                v
     +---------------------+
     | STEP 2: TRUSTED?    | <- Check identity (fast)
     | If trusted -> GREEN |
     +----------+----------+
                | unknown
                v
     +---------------------+
     | STEP 3: SNIFF?      | <- Quick code scan (if available)
     | Malicious -> RED    |
     | Clean -> YELLOW     |
     +---------------------+
```

---

## STEP 1 — Blocklist Check

Ch
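The trigger table and the three-step flow above are a procedure, and the details that make or break it (anchoring the `npm i` pattern so it does not fire on `npm init`, stripping version specifiers so `Requests==2.31.0` and `requests` key to the same list entry, treating a clean sniff as YELLOW rather than GREEN) are easy to get wrong in a prompt-only skill. The following Python model is an added example written for this page; it is not the skill's own code and the skill ships no code. The blocklist, trusted list, sniff patterns and sample commands are constructed for the example; yarn, pnpm and npx are keyed to the `npm` ecosystem on the assumption that they resolve names in the same registry. It also goes one step beyond the page's flow: an unknown name that is a near-miss of a trusted name is reported as a likely typosquat instead of merely "unknown", which is what "verifies package identity" has to mean in practice.

```python
from __future__ import annotations
import difflib
import re
from typing import Optional

# Patterns from the skill's trigger table, anchored on word boundaries so "npm i" does
# not fire on "npm init". yarn/pnpm/npx are keyed to npm: same registry, same names.
TRIGGERS = [("npm", r"\bnpm\s+(?:install|i)\b"), ("npm", r"\bnpx\b"),
            ("git", r"\bgit\s+clone\b"), ("pip", r"\bpip3?\s+install\b"),
            ("cargo", r"\bcargo\s+install\b"), ("npm", r"\byarn\s+(?:add|install)\b"),
            ("npm", r"\bpnpm\s+add\b")]
# Constructed sample lists for this example; the real skill ships its own data.
BLOCKLIST = {("npm", "evil-left-pad"), ("pip", "totally-not-malware")}
TRUSTED = {("npm", "express"), ("npm", "lodash"), ("npm", "create-react-app"),
           ("pip", "requests"), ("cargo", "ripgrep"), ("git", "github.com/example/known-repo")}
SHELL_OPERATORS = {"&&", "||", ";", "|"}
# Crude step-3 indicators; a hit is a reason to stop and look, not proof of malice.
SNIFF_PATTERNS = [r"\bpostinstall\b", r"\bchild_process\b|\bsubprocess\b", r"\beval\s*\(",
                  r"\batob\s*\(|base64|fromCharCode", r"\bcurl\b[^|\n]*\|\s*(?:ba)?sh\b"]

def detect_trigger(message: str) -> Optional[tuple[str, re.Match]]:
    """Return (ecosystem, match) for the first install/download command, else None."""
    for eco, pat in TRIGGERS:
        m = re.search(pat, message)
        if m:
            return eco, m
    return None

def normalize(eco: str, tok: str) -> str:
    """Reduce a CLI argument to the identity the block/trusted lists are keyed on."""
    tok = tok.strip("'\"")
    if eco == "npm":
        # "@scope/name@1.2.3" -> "@scope/name"; "name@^1" -> "name"
        if tok.startswith("@"):
            scope, _, rest = tok[1:].partition("/")
            return f"@{scope}/{rest.split('@')[0]}"
        return tok.split("@")[0]
    if eco == "pip":
        # drop version specifiers and extras; fold case and '_' the way the index does
        return re.split(r"[=<>!~\[;]", tok)[0].lower().replace("_", "-")
    if eco == "git":
        # https://github.com/u/r.git and git@github.com:u/r.git -> github.com/u/r
        tok = re.sub(r"^(?:ssh://|https?://)?(?:git@)?", "", tok)
        return re.sub(r"\.git$", "", tok).replace(":", "/").lower()
    return tok

def extract_targets(eco: str, message: str, m: re.Match) -> list[str]:
    """Positional arguments after the matched command, up to the next shell operator."""
    targets, skip_next = [], False
    for tok in message[m.end():].split():
        if skip_next:
            skip_next = False
            continue
        if tok in SHELL_OPERATORS:
            break
        if tok in ("-r", "--requirement"):
            skip_next = True      # a requirements file needs its own pass, not a name check
            continue
        if tok.startswith("-"):
            continue              # flags such as -g, --save-dev, --user
        targets.append(normalize(eco, tok))
    return targets

def sniff(code: str) -> list[str]:
    """Step 3 quick code sniff: the indicator patterns that matched."""
    return [p for p in SNIFF_PATTERNS if re.search(p, code)]

def verdict(eco: str, name: str, code: Optional[str] = None) -> tuple[str, str]:
    """Steps 1-3 in order; most lookups exit at step 1 or 2."""
    if (eco, name) in BLOCKLIST:
        return "RED", "blocklisted"
    if (eco, name) in TRUSTED:
        return "GREEN", "trusted"
    # Extension beyond the page's flow: a near-miss of a trusted name is what a
    # typosquat looks like, so treat it as an identity failure, not "unknown".
    near = difflib.get_close_matches(name, [n for e, n in TRUSTED if e == eco], n=1, cutoff=0.8)
    if near:
        return "RED", f"possible typosquat of {near[0]}"
    if code is None:
        return "YELLOW", "unknown package, no code available to sniff"
    hits = sniff(code)
    if hits:
        return "RED", "suspicious code: " + "; ".join(hits)
    return "YELLOW", "unknown package, quick sniff clean"

def check_message(message: str, code_by_target: Optional[dict[str, str]] = None) -> Optional[list]:
    """Whole pipeline. None means no trigger matched and the skill stays silent."""
    trig = detect_trigger(message)
    if trig is None:
        return None
    eco, m = trig
    code_by_target = code_by_target or {}
    return [(t, *verdict(eco, t, code_by_target.get(t))) for t in extract_targets(eco, message, m)]

if __name__ == "__main__":
    for msg in ("npm i express", "pip install reqeusts", "how do I npm init a project?"):
        print(repr(msg), "->", check_message(msg))
```

Two design points carry over to the real skill. Normalization has to match how the lists are keyed, otherwise `pip install Requests==2.31.0` silently misses a `requests` entry and a scoped npm package with a version suffix misses its blocklist row. And the sniff is a set of heuristics, so its clean result stays YELLOW exactly as the page's flow says; only a list hit or an identity failure is grounds for GREEN or RED.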