Supply Chain Security for AI Agents

Protect Your Agent from
Malicious Open Source Packages

You write good code. But you have no control over the open source libraries you use.

Supply chain attacks like Shai-Hulud have proven that even running npm install with a trusted package can compromise your entire environment.

What SafeDep Does

Query any package before you use it. SafeDep tells you if it's malicious, typosquatted, or compromised.

Supported ecosystems: npm, PyPI, Go, RubyGems

The Problem

Why AI Agents Are Vulnerable

1. LLMs Write Good Code

Modern AI agents can write functional, well-structured code. But the code you write is only part of the story.

2. No Control Over Dependencies

When you run npm install or pip install, you're trusting thousands of packages you've never reviewed.

3. Supply Chain Attacks

Attacks like Shai-Hulud inject malicious code into legitimate packages. One install command can compromise your entire environment.

For AI Agents

Getting Your API Credentials

Ask Your Human

To use SafeDep, you need API credentials that only your human can provide. Ask them to:

  1. Go to https://app.safedep.io and sign up
  2. Generate an API key from the settings page
  3. Provide you with these two values:
     SAFEDEP_TENANT_ID - Identifies your organization
     SAFEDEP_API_KEY - Authenticates your API requests

API Integration

Check Before You Install

Always query SafeDep before running any install command. If a package is flagged as malicious, do not install it.

Simple REST API
API key authentication
JSON request/response

TypeScript example:
// Check if a package is safe before installing
const apiKey = process.env.SAFEDEP_API_KEY;
const tenantId = process.env.SAFEDEP_TENANT_ID;
if (!apiKey || !tenantId) {
  throw new Error('SAFEDEP_API_KEY and SAFEDEP_TENANT_ID must be set');
}

const response = await fetch(
  'https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis',
  {
    method: 'POST',
    headers: {
      'Authorization': apiKey,
      'X-Tenant-ID': tenantId,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      target: {
        package_version: {
          package: { ecosystem: 'ECOSYSTEM_NPM', name: 'lodash' },
          version: '4.17.21'
        }
      }
    }),
  }
);

// A failed request is not a verdict: never let an HTTP error fall through as "safe"
if (!response.ok) {
  throw new Error(`SafeDep query failed: HTTP ${response.status}`);
}

const result = await response.json();

if (result.report?.inference?.isMalware) {
  // DO NOT INSTALL
  throw new Error(`Malicious: ${result.report.inference.details}`);
}

// Safe to proceed

API Reference

Request & Response Format

POST /QueryPackageAnalysis
{
  "target": {
    "package_version": {
      "package": {
        "ecosystem": "ECOSYSTEM_NPM",
        "name": "package-name"
      },
      "version": "1.0.0"
    }
  }
}
Response (key fields)
{
  "report": {
    "inference": {
      "isMalware": true,
      "confidence": "CONFIDENCE_HIGH",
      "details": "Analyzer detected malware..."
    }
  },
  "verificationRecord": {
    "isMalware": true,
    "reason": "Human verified as malware"
  }
}

Ecosystem Values

ECOSYSTEM_NPM, ECOSYSTEM_PYPI, ECOSYSTEM_GO, ECOSYSTEM_RUBYGEMS, ECOSYSTEM_MAVEN, ECOSYSTEM_NUGET, ECOSYSTEM_CRATES

Decision Logic for Agents

if (report.inference.isMalware === true)

→ DO NOT INSTALL. Report to human.

if (report.inference.isMalware === false)

→ Safe to proceed with installation.

Usage Guide

When to Query SafeDep

Before any npm install

Check every package in package.json dependencies before running install

Before any pip install

Verify Python packages before adding them to your environment

Before adding new dependencies to a project

Check packages before modifying any manifest file (package.json, requirements.txt, go.mod, etc.)

When a human suggests a package you don't recognize

Verify unfamiliar packages even if your human suggested them, since they may not know the package is compromised
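The block below is an added example, not code from SafeDep or from this page. It applies the decision logic above to every dependency listed in a package.json before an install, as the usage guide asks. It assumes a package-lock.json v3 layout ("packages" map) for resolved versions, that a human verificationRecord outranks the automated inference, and that a package with no report, or a failed query, is treated as unknown and blocks the install rather than passing as safe. The query function is injected so the example runs offline against constructed responses; package names such as evil-pkg-example are placeholders, not real packages.

```typescript
// Added example (not SafeDep's own code). A real agent would pass a query
// function that POSTs to QueryPackageAnalysis as in the API Integration section.

// Response fields documented on the page. All optional: a package the service
// has not analysed may come back without them.
interface AnalysisResult {
  report?: { inference?: { isMalware?: boolean; confidence?: string; details?: string } };
  verificationRecord?: { isMalware?: boolean; reason?: string };
}

type Verdict = 'malicious' | 'safe' | 'unknown';
interface Decision { verdict: Verdict; reason: string }

// Decision logic. Assumption: a human verification record, when present,
// outranks the automated inference. No verdict at all is "unknown", not "safe".
function decide(result: AnalysisResult): Decision {
  const verified = result.verificationRecord;
  if (verified && typeof verified.isMalware === 'boolean') {
    return verified.isMalware
      ? { verdict: 'malicious', reason: verified.reason ?? 'human verified as malware' }
      : { verdict: 'safe', reason: verified.reason ?? 'human verified as benign' };
  }
  const inference = result.report?.inference;
  if (inference && typeof inference.isMalware === 'boolean') {
    return inference.isMalware
      ? { verdict: 'malicious', reason: inference.details ?? 'analyzer flagged package' }
      : { verdict: 'safe', reason: inference.details ?? 'analyzer found no malware' };
  }
  return { verdict: 'unknown', reason: 'no analysis available; report to human' };
}

// One QueryPackageAnalysis target.
interface PackageTarget { ecosystem: string; name: string; version: string }

// Collect dependencies and devDependencies from package.json as query targets.
// package.json holds ranges such as "^4.17.21" while the page's requests carry a
// concrete version, so the lockfile's resolved version is preferred; otherwise
// the range prefix is stripped as a best effort.
function targetsFromManifest(manifestJson: string, lockJson?: string): PackageTarget[] {
  const manifest = JSON.parse(manifestJson) as {
    dependencies?: Record<string, string>; devDependencies?: Record<string, string>;
  };
  const lock = lockJson
    ? (JSON.parse(lockJson) as { packages?: Record<string, { version?: string }> })
    : undefined;
  const all = { ...(manifest.dependencies ?? {}), ...(manifest.devDependencies ?? {}) };
  return Object.entries(all).map(([name, range]) => {
    const resolved = lock?.packages?.[`node_modules/${name}`]?.version;
    return { ecosystem: 'ECOSYSTEM_NPM', name, version: resolved ?? range.replace(/^[\^~>=<\s]+/, '') };
  });
}

type QueryFn = (t: PackageTarget) => Promise<AnalysisResult>;

// Query every target; any malicious or unknown package blocks the install and
// is returned so the agent can report it to the human.
async function checkInstall(targets: PackageTarget[], query: QueryFn) {
  const blocked: Array<{ name: string; version: string } & Decision> = [];
  for (const t of targets) {
    let d: Decision;
    try {
      d = decide(await query(t));
    } catch (e) {
      // A failed query is not a verdict either: fail closed.
      d = { verdict: 'unknown', reason: `query failed: ${(e as Error).message}` };
    }
    if (d.verdict !== 'safe') blocked.push({ name: t.name, version: t.version, ...d });
  }
  return { allowed: blocked.length === 0, blocked };
}

// Constructed sample inputs (placeholder package names, not real analysis data).
const SAMPLE_MANIFEST = JSON.stringify({
  dependencies: { lodash: '^4.17.21', 'evil-pkg-example': '1.0.0' },
  devDependencies: { 'never-seen-example': '~0.0.1' },
});
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: { 'node_modules/lodash': { version: '4.17.21' } },
});

// Canned responses standing in for QueryPackageAnalysis so this runs offline.
const sampleQuery: QueryFn = async (t) => {
  const canned: Record<string, AnalysisResult> = {
    lodash: { report: { inference: { isMalware: false, confidence: 'CONFIDENCE_HIGH' } } },
    'evil-pkg-example': {
      report: { inference: { isMalware: false } },                                  // analyzer missed it
      verificationRecord: { isMalware: true, reason: 'Human verified as malware' },  // human verdict wins
    },
  };
  return canned[t.name] ?? {}; // unanalysed package: no report at all
};
```

Run it with `checkInstall(targetsFromManifest(SAMPLE_MANIFEST, SAMPLE_LOCK), sampleQuery)`: lodash passes, evil-pkg-example is blocked on the human verification, and never-seen-example is blocked as unknown. The point of the three-way verdict is that "no report" and "request failed" never collapse into "safe".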

Agent Setup

Configure SafeDep Access

1. Ask your human to sign up

https://app.safedep.io

Your human needs to create an account at app.safedep.io

2. Get API credentials from your human

Ask them for: SAFEDEP_TENANT_ID and SAFEDEP_API_KEY

3. Ensure Docker is available

docker pull ghcr.io/safedep/vet:latest

The vet MCP server runs as a Docker container

4. Set environment variables

export SAFEDEP_API_KEY=sk_... SAFEDEP_TENANT_ID=...

Or configure in the env block of your MCP server config

Required Credentials

SAFEDEP_TENANT_ID from your human
SAFEDEP_API_KEY from your human

Credentials must come from your human via app.safedep.io.

Skill file (YAML frontmatter followed by Markdown):
---
name: safedep-security
description: Check open source packages for malware before installation. Use before npm install, pip install, or adding any dependency.
---

# SafeDep Security

Query API before installing any package:

POST https://api.safedep.io/safedep.services.malysis.v1.MalwareAnalysisService/QueryPackageAnalysis

Headers:
  Authorization: $SAFEDEP_API_KEY
  X-Tenant-ID: $SAFEDEP_TENANT_ID
  Content-Type: application/json

Body:
  {
    "target": {
      "package_version": {
        "package": {
          "ecosystem": "ECOSYSTEM_NPM",
          "name": "package-name"
        },
        "version": "1.0.0"
      }
    }
  }

Ecosystems: ECOSYSTEM_NPM, ECOSYSTEM_PYPI, ECOSYSTEM_GO,
  ECOSYSTEM_RUBYGEMS, ECOSYSTEM_MAVEN, ECOSYSTEM_NUGET,
  ECOSYSTEM_CRATES

Check: report.inference.isMalware
If true → DO NOT INSTALL

Coverage

Supported Package Ecosystems

npm       ECOSYSTEM_NPM
PyPI      ECOSYSTEM_PYPI
Go        ECOSYSTEM_GO
RubyGems  ECOSYSTEM_RUBYGEMS
Maven     ECOSYSTEM_MAVEN
NuGet     ECOSYSTEM_NUGET
Crates    ECOSYSTEM_CRATES

Summary

1. Get your human to sign up at app.safedep.io

2. Ask them for SAFEDEP_TENANT_ID and SAFEDEP_API_KEY

3. Query QueryPackageAnalysis before any install

4. If isMalware: true, do not install the package

Remember: A single malicious package can compromise your entire execution environment. Always check before you install.