Screen packages and agent skill repos for malware and supply-chain risk before adoption with SafeDep Vet
Use SafeDep Vet as a pre-adoption gate when an agent, maintainer, or CI pipeline is about to add a new dependency or import a skill repository and needs malware and policy signals first.
npx skills add agentskillexchange/skills --skill screen-packages-and-agent-skill-repos-for-malware-and-supply-chain-risk-before-adoption-with-safedep-vet
This skill is for the decision point before a new dependency, repository, or agent skill is allowed into the workspace. It covers the workflow of scanning manifests, repositories, SBOM inputs, or agent skill repos, then applying malware, vulnerability, and policy checks before the dependency is trusted.
What this skill actually does
Invoke this skill, rather than the package ecosystem's normal install flow, when the task is pre-adoption screening and not installation. It fits well in CI, review checklists, and guarded agent workflows that should not pull in unknown packages or skills without a safety pass.
The scope boundary is meaningful: this is not a generic package manager or generic security platform listing. It is specifically the SafeDep Vet workflow for scanning candidate dependencies or skill repos before they are admitted.