Threat Intelligence for AI Coding Agents

Stop. Check Every Package. Before You Install It.

Every AI coding agent, including Claude Code, Cursor, Copilot, and Windsurf, installs packages blindly. Supply chain attacks like Shai-Hulud have proven that a single npm install can compromise your environment. You need threat intelligence.

What SafeDep Does

Query any package before you use it. SafeDep returns machine inference plus human verification signals so agents can make safer install decisions.

Supported ecosystems: npm, PyPI, Go, RubyGems, Maven, NuGet

Quickstart

Get an Agent Ready in 3 Steps

Step 1: Create Account

A human admin signs up and creates your tenant.

Navigate to app.safedep.io

Step 2: Admin Generates Credentials

The human admin creates and provides SAFEDEP_TENANT_ID and SAFEDEP_API_KEY.

Step 3: Enforce Before Install

Query SafeDep before installs, lockfile updates, or dependency PRs.

Risk Context

Why Agent Dependency Decisions Need Guardrails

1. Fast Code, Fast Risk

Agents generate and run commands quickly. Bad dependency suggestions propagate just as quickly.

2. Install Is an Execution Step

npm install and pip install run untrusted third-party code (install hooks and build scripts) before anyone has reviewed it.

3. One Bad Package Is Enough

A single compromised package can exfiltrate secrets, tamper with builds, or persist in CI and on developer hosts.

Why Trust This Signal

Threat Intelligence Designed for Automated Decisions

Trust comes from what you can inspect, run, and verify yourself.

Open Source by Default

Core SafeDep tooling is public, so teams can inspect behavior and validate integrations.

Inspectable Security Decisions

Agent policy is explicit: evaluate inference and verification signals before install, and fail closed on uncertainty.

Portable, Not Opaque

Use SafeDep APIs with OSS tools in your own workflows. You can reproduce checks and review outcomes independently.

Review source and community discussions: GitHub Repo · Discussions

Decision Contract

Canonical Policy for AI Agents

Precedence Rules

Block install if report.inference.isMalware === true.

Block install if verificationRecord.isMalware === true.

Proceed only when both fields are explicitly false.

Failure Behavior

If API call fails, times out, or returns invalid JSON: block install and ask human.

If response is partial or missing malware fields: treat as unknown and block.

Default posture: fail closed on uncertainty.

API Integration

API Quickstart

Call SafeDep before install actions. Apply the decision contract directly in your agent runtime.

Simple REST API
API key authentication
JSON request/response

TypeScript example:
let response: Response;
try {
  response = await fetch(
    'https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis',
    {
      method: 'POST',
      headers: {
        Authorization: process.env.SAFEDEP_API_KEY!,
        'X-Tenant-ID': process.env.SAFEDEP_TENANT_ID!,
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({
        target: {
          package_version: {
            package: { ecosystem: 'ECOSYSTEM_NPM', name: 'lodash' },
            version: '4.17.21',
          },
        },
      }),
      // Do not hang forever: a timeout is an unknown state and must fail closed.
      // AbortSignal.timeout is available in Node 17.3+ and modern browsers.
      signal: AbortSignal.timeout(10_000),
    }
  );
} catch {
  // Network error or timeout.
  throw new Error('SafeDep unreachable or timed out: block install and ask human');
}

// Non-2xx response.
if (!response.ok) {
  throw new Error('SafeDep unavailable: block install and ask human');
}

// A body that is not valid JSON is also an unknown state.
let result: any;
try {
  result = await response.json();
} catch {
  throw new Error('SafeDep returned invalid JSON: block install and ask human');
}

const inferred = result.report?.inference?.isMalware;
const verified = result.verificationRecord?.isMalware;

// Either signal true: block.
if (inferred === true || verified === true) {
  throw new Error('Malicious package detected: do not install');
}

// Missing or non-boolean malware fields are unknown, not safe: fail closed.
if (inferred !== false || verified !== false) {
  throw new Error('SafeDep response incomplete: block install and ask human');
}

// Safe to proceed only when both checks are explicitly false.

API Reference

Request and Key Response Fields

POST /QueryPackageAnalysis

{
  "target": {
    "package_version": {
      "package": {
        "ecosystem": "ECOSYSTEM_NPM",
        "name": "package-name"
      },
      "version": "1.0.0"
    }
  }
}

Response Fields for Decisioning

{
  "report": {
    "inference": {
      "isMalware": false,
      "confidence": "CONFIDENCE_HIGH",
      "details": "..."
    }
  },
  "verificationRecord": {
    "isMalware": false,
    "reason": "..."
  }
}

Supported Ecosystem Values

ECOSYSTEM_NPM, ECOSYSTEM_PYPI, ECOSYSTEM_GO, ECOSYSTEM_RUBYGEMS, ECOSYSTEM_MAVEN, ECOSYSTEM_NUGET, ECOSYSTEM_CRATES

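As an added example (not SafeDep's own code), the decision contract above applied to the documented QueryPackageAnalysis response shape: a pure decide function that takes the HTTP status and raw body, so the failure branches (unavailable, timeout, invalid JSON, partial response) are as testable as the happy path, plus a buildQueryRequest helper that validates the ecosystem value against the list above. The function and type names, the humanAction field and the sample responses are constructed for this example and are not part of the SafeDep API.

```typescript
// Added example, not SafeDep code: the decision contract as a pure, testable function.

// Ecosystem values listed on the page.
const SUPPORTED_ECOSYSTEMS = [
  'ECOSYSTEM_NPM', 'ECOSYSTEM_PYPI', 'ECOSYSTEM_GO', 'ECOSYSTEM_RUBYGEMS',
  'ECOSYSTEM_MAVEN', 'ECOSYSTEM_NUGET', 'ECOSYSTEM_CRATES',
] as const;
type Ecosystem = (typeof SUPPORTED_ECOSYSTEMS)[number];

// Builds the request body in the shape documented under "POST /QueryPackageAnalysis",
// rejecting unsupported ecosystems and empty coordinates before any network call.
function buildQueryRequest(ecosystem: string, name: string, version: string) {
  if (!(SUPPORTED_ECOSYSTEMS as readonly string[]).includes(ecosystem)) {
    throw new Error(`unsupported ecosystem: ${ecosystem}`);
  }
  if (!name || !version) {
    throw new Error('package name and version are required');
  }
  return {
    target: {
      package_version: { package: { ecosystem: ecosystem as Ecosystem, name }, version },
    },
  };
}

// Decision object (names constructed for this example).
interface Decision {
  verdict: 'block' | 'proceed';
  reason: string;
  // 'ask': agent must escalate before acting; 'notify': inform human of a block; 'none': nothing to raise.
  humanAction: 'ask' | 'notify' | 'none';
}

// Applies the decision contract to the raw HTTP outcome. Pass status=null and
// body=null for a transport failure (network error or timeout).
function decide(status: number | null, body: string | null): Decision {
  // 1. Transport failure or non-2xx: unknown state, fail closed and ask.
  if (status === null || body === null || status < 200 || status >= 300) {
    return { verdict: 'block', reason: `SafeDep unavailable (status ${status})`, humanAction: 'ask' };
  }
  // 2. Body must be valid JSON.
  let parsed: any;
  try {
    parsed = JSON.parse(body);
  } catch {
    return { verdict: 'block', reason: 'invalid JSON from SafeDep', humanAction: 'ask' };
  }
  const inferred = parsed?.report?.inference?.isMalware;
  const verified = parsed?.verificationRecord?.isMalware;
  // 3. Either signal explicitly true: block and notify.
  if (inferred === true || verified === true) {
    const source = verified === true ? 'human verification' : 'machine inference';
    return { verdict: 'block', reason: `flagged as malware by ${source}`, humanAction: 'notify' };
  }
  // 4. Partial response: any field missing or non-boolean is unknown, fail closed.
  if (inferred !== false || verified !== false) {
    return { verdict: 'block', reason: 'malware fields missing or not boolean', humanAction: 'ask' };
  }
  // 5. Both explicitly false: proceed.
  return { verdict: 'proceed', reason: 'both malware signals explicitly false', humanAction: 'none' };
}

// Constructed sample responses (not real SafeDep output) exercising each branch.
const SAMPLE_CLEAN = JSON.stringify({
  report: { inference: { isMalware: false, confidence: 'CONFIDENCE_HIGH', details: '' } },
  verificationRecord: { isMalware: false, reason: '' },
});
const SAMPLE_INFERRED_MALWARE = JSON.stringify({
  report: { inference: { isMalware: true, confidence: 'CONFIDENCE_HIGH', details: '' } },
  verificationRecord: { isMalware: false, reason: '' },
});
const SAMPLE_PARTIAL = JSON.stringify({ report: { inference: { confidence: 'CONFIDENCE_LOW' } } });

console.log(decide(200, SAMPLE_CLEAN), decide(200, SAMPLE_INFERRED_MALWARE), decide(200, SAMPLE_PARTIAL));
```

With fetch, pass response.status and await response.text() into decide, and call decide(null, null) from the catch around fetch so a timeout or network error takes the same fail-closed path as an HTTP error. Keeping the verdict separate from the transport makes it possible to unit-test the partial-response branch, which is the one most easily lost when a check is written inline.
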
Agent Setup

Configure SafeDep Access

1. Ask your human to sign up

https://app.safedep.io

Your human creates the SafeDep account and tenant.

2. Human admin generates credentials

The human admin provides SAFEDEP_TENANT_ID and SAFEDEP_API_KEY to the agent config.

3. Add SafeDep to your client

Use SKILL.md or MCP Config, then enforce the decision contract before installs.

Required Credentials

SAFEDEP_TENANT_ID from your human
SAFEDEP_API_KEY from your human

Credentials must come from your human via app.safedep.io.

SKILL.md example (YAML front matter followed by the policy):
---
name: safedep-security
description: Query SafeDep before adding or installing dependencies.
---

# SafeDep Security Policy

Before install or lockfile updates, call:
POST https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis

Headers:
  Authorization: $SAFEDEP_API_KEY
  X-Tenant-ID: $SAFEDEP_TENANT_ID
  Content-Type: application/json

Decision contract:
- If report.inference.isMalware == true: block install and notify human
- If verificationRecord.isMalware == true: block install and notify human
- If SafeDep request fails, times out, or returns invalid response: block install and ask human
- Proceed only when both malware signals are explicitly false

Coverage

Supported Package Ecosystems

npm: ECOSYSTEM_NPM
PyPI: ECOSYSTEM_PYPI
Go: ECOSYSTEM_GO
RubyGems: ECOSYSTEM_RUBYGEMS
Maven: ECOSYSTEM_MAVEN
NuGet: ECOSYSTEM_NUGET
Crates: ECOSYSTEM_CRATES

Adopt Safe Defaults for Agent Installs

Use SafeDep as a hard gate in your install workflow: query, evaluate both malware signals, and fail closed when uncertain.