Pi
Install the Vulnetix security plugin for Pi.
Quick Install
npx skills add Vulnetix/pix-ai-coding-assistant
This installs the Vulnetix security skills into your project’s .pi/skills directory.
Prerequisites
Before running the install command:
- Node.js — Required to run
npx. Install from nodejs.org if not already available. - Vulnetix CLI — Install and authenticate following the prerequisites guide.
- jq — Required by plugin hooks for JSON processing. See prerequisites for install instructions.
What Gets Installed
The plugin registers the following into .pi/skills:
| Component | Count | Details |
|---|---|---|
| Hooks | 6 | Pre-commit scan, manifest edit gate, post-install scan, session dashboard, stop reminder, vuln context inject |
| Skills | 6 | package-search, exploits, fix, vuln, exploits-search, remediation |
| Commands | 4 | vdb-vuln, vdb-vulns, vdb-exploits-search, vdb-remediation |
| Agents | 1 | bulk-triage — parallel vulnerability triage and prioritization |
Native Hooks
Pi supports hooks via its TypeScript extension API. The plugin ships pi-extension.ts which registers beforeToolCall and afterToolCall handlers, wrapping the shared Vulnetix bash scripts.
The following lifecycle events are wired up:
| Hook | Event | Tools Matched | Action |
|---|---|---|---|
| Pre-Commit Scan | beforeToolCall | bash, shell, terminal | Block git commit if vulns found |
| Manifest Edit Gate | beforeToolCall | write_file, edit_file | Gate manifest edits |
| Post-Install Scan | afterToolCall | bash, shell, terminal | SBOM after package install |
After install, register the extension in your Pi configuration:
cp hooks/ts/pi-extension.ts .pi/extensions/vulnetix.ts
See Hooks documentation for details on each hook.
Verify Installation
Run the dashboard skill to confirm everything is working:
/vulnetix:dashboard
You should see a vulnerability summary table for your project’s dependencies. If you get an authentication error, re-run vulnetix auth login.
Upgrade
Re-run the install command to pull the latest version:
npx skills add Vulnetix/pix-ai-coding-assistant
This overwrites existing files with the latest version. Your .vulnetix/memory.yaml and cached data are not affected.
Uninstall
Remove the plugin skills:
rm -rf .pi/skills
To also remove cached vulnerability data and memory:
rm -rf .vulnetix/