Suggestion: Add huiyu-safe-ai
I'd like to suggest adding huiyu-safe-ai to this repository/list.
What it is
A lightweight AI security guard for install/download commands (npm, pip, cargo, git clone, etc.) that blocks known malicious packages before they install.
Key features
- 68+ confirmed malicious packages in blocklist (sourced from security research)
- 60+ trusted organizations auto-approved
- Typosquatting detection for name-similar malicious packages
- Code sniffing for suspicious patterns (postinstall exploits, obfuscated payloads)
- Zero network calls -- all checks in-memory, <1 second overhead
- Works with Claude Code, OpenAI Codex CLI, Trae, and any SKILL.md compatible tool
Why it is relevant
This tool was built after a real APT supply chain attack (DeepSeek-TUI impersonation, May 2026). It fills a gap in AI coding tool security.
Links
Suggestion: Add huiyu-safe-ai
I'd like to suggest adding huiyu-safe-ai to this repository/list.
What it is
A lightweight AI security guard for install/download commands (npm, pip, cargo, git clone, etc.) that blocks known malicious packages before they install.
Key features
Why it is relevant
This tool was built after a real APT supply chain attack (DeepSeek-TUI impersonation, May 2026). It fills a gap in AI coding tool security.
Links