Fix socket-setup SKILL.md inaccuracies and add package manager support

.claude-plugin/marketplace.json

@@ -9,50 +9,50 @@
   },
   "plugins": [
     {
-      "name": "scan",
-      "source": "./skills/scan",
+      "name": "socket-scan",
+      "source": "./skills/socket-scan",
       "skills": "./",
       "description": "Run a full dependency scan using the Socket CLI. Creates a scan in the Socket dashboard, checks all dependencies for vulnerabilities and supply-chain risks, performs Tier 1 reachability analysis for enterprise customers, and provides license compliance auditing with SBOM generation."
     },
     {
-      "name": "inspect",
-      "source": "./skills/inspect",
+      "name": "socket-inspect",
+      "source": "./skills/socket-inspect",
       "skills": "./",
       "description": "Research a package before you depend on it — pull every signal from Socket (scores, alerts, malware verdicts, CVEs, supply-chain risk), check the socket.dev package page, evaluate alternatives, and surface available Socket patches."
     },
     {
-      "name": "setup",
-      "source": "./skills/setup",
+      "name": "socket-setup",
+      "source": "./skills/socket-setup",
       "skills": "./",
       "description": "Set up Socket — prompt for API key, install the CLI, authenticate, configure policies and tokens, set up CI/CD for firewall or patch modes across GitHub, GitLab, Bitbucket, and other systems."
     },
     {
-      "name": "dep-patch",
-      "source": "./skills/dep-patch",
+      "name": "socket-dep-patch",
+      "source": "./skills/socket-dep-patch",
       "skills": "./",
-      "description": "Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /setup skill."
+      "description": "Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /socket-setup skill."
     },
     {
-      "name": "dep-upgrade",
-      "source": "./skills/dep-upgrade",
+      "name": "socket-dep-upgrade",
+      "source": "./skills/socket-dep-upgrade",
       "skills": "./",
       "description": "Use socket fix to find and update vulnerable dependencies one at a time, then fix any breaking changes in the codebase. Security-audited upgrades with automated code migration."
     },
     {
-      "name": "dep-cleanup",
-      "source": "./skills/dep-cleanup",
+      "name": "socket-dep-cleanup",
+      "source": "./skills/socket-dep-cleanup",
       "skills": "./",
       "description": "Evaluate and remove a single unused dependency from your project. Searches the entire codebase for all usages (imports, requires, config refs, scripts, type packages, indirect usage), reports findings, and performs full removal with verification."
     },
     {
-      "name": "dep-replace",
-      "source": "./skills/dep-replace",
+      "name": "socket-dep-replace",
+      "source": "./skills/socket-dep-replace",
       "skills": "./",
       "description": "Replace a dependency with an alternative package, eliminate it via code rewrite, or use socket-optimize for optimized replacements."
     },
     {
-      "name": "fix",
-      "source": "./skills/fix",
+      "name": "socket-fix",
+      "source": "./skills/socket-fix",
       "skills": "./",
       "description": "Holistic dependency repair — orchestrates cleanup, patching, and upgrades in a single workflow with three aggressiveness levels (conservative, cautious, full)."
     }

README.md

@@ -139,35 +139,35 @@ Install, authenticate, and configure Socket for your project.
 
 | Name | Description | Documentation |
 |------|-------------|---------------|
-| `setup` | Set up Socket — prompt for API key, install the CLI, authenticate, configure policies and tokens, set up CI/CD for firewall or patch modes across GitHub, GitLab, Bitbucket, and other systems. | [SKILL.md](skills/setup/SKILL.md) |
+| `socket-setup` | Set up Socket — prompt for API key, install the CLI, authenticate, configure policies and tokens, set up CI/CD for firewall or patch modes across GitHub, GitLab, Bitbucket, and other systems. | [SKILL.md](skills/socket-setup/SKILL.md) |
 
 #### Analysis
 
 Scan dependencies and inspect individual packages for security risks.
 
 | Name | Description | Documentation |
 |------|-------------|---------------|
-| `inspect` | Research a package before you depend on it — pull every signal from Socket (scores, alerts, malware verdicts, CVEs, supply-chain risk), check the socket.dev package page, evaluate alternatives, and surface available Socket patches. | [SKILL.md](skills/inspect/SKILL.md) |
-| `scan` | Run a full dependency scan using the Socket CLI. Creates a scan in the Socket dashboard, checks all dependencies for vulnerabilities and supply-chain risks, performs Tier 1 reachability analysis for enterprise customers, and provides license compliance auditing with SBOM generation. | [SKILL.md](skills/scan/SKILL.md) |
+| `socket-inspect` | Research a package before you depend on it — pull every signal from Socket (scores, alerts, malware verdicts, CVEs, supply-chain risk), check the socket.dev package page, evaluate alternatives, and surface available Socket patches. | [SKILL.md](skills/socket-inspect/SKILL.md) |
+| `socket-scan` | Run a full dependency scan using the Socket CLI. Creates a scan in the Socket dashboard, checks all dependencies for vulnerabilities and supply-chain risks, performs Tier 1 reachability analysis for enterprise customers, and provides license compliance auditing with SBOM generation. | [SKILL.md](skills/socket-scan/SKILL.md) |
 
 #### Dependency Management
 
 Upgrade, patch, and clean up individual dependencies.
 
 | Name | Description | Documentation |
 |------|-------------|---------------|
-| `dep-cleanup` | Evaluate and remove a single unused dependency from your project. Searches the entire codebase for all usages (imports, requires, config refs, scripts, type packages, indirect usage), reports findings, and performs full removal with verification. | [SKILL.md](skills/dep-cleanup/SKILL.md) |
-| `dep-patch` | Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /setup skill. | [SKILL.md](skills/dep-patch/SKILL.md) |
-| `dep-replace` | Replace a dependency with an alternative package, eliminate it via code rewrite, or use socket-optimize for optimized replacements. | [SKILL.md](skills/dep-replace/SKILL.md) |
-| `dep-upgrade` | Use socket fix to find and update vulnerable dependencies one at a time, then fix any breaking changes in the codebase. Security-audited upgrades with automated code migration. | [SKILL.md](skills/dep-upgrade/SKILL.md) |
+| `socket-dep-cleanup` | Evaluate and remove a single unused dependency from your project. Searches the entire codebase for all usages (imports, requires, config refs, scripts, type packages, indirect usage), reports findings, and performs full removal with verification. | [SKILL.md](skills/socket-dep-cleanup/SKILL.md) |
+| `socket-dep-patch` | Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /socket-setup skill. | [SKILL.md](skills/socket-dep-patch/SKILL.md) |
+| `socket-dep-replace` | Replace a dependency with an alternative package, eliminate it via code rewrite, or use socket-optimize for optimized replacements. | [SKILL.md](skills/socket-dep-replace/SKILL.md) |
+| `socket-dep-upgrade` | Use socket fix to find and update vulnerable dependencies one at a time, then fix any breaking changes in the codebase. Security-audited upgrades with automated code migration. | [SKILL.md](skills/socket-dep-upgrade/SKILL.md) |
 
 #### Fix
 
 Holistic dependency repair — orchestrate cleanup, patching, and upgrades in a single phased workflow.
 
 | Name | Description | Documentation |
 |------|-------------|---------------|
-| `fix` | Holistic dependency repair — orchestrates cleanup, patching, and upgrades in a single workflow with three aggressiveness levels (conservative, cautious, full). | [SKILL.md](skills/fix/SKILL.md) |
+| `socket-fix` | Holistic dependency repair — orchestrates cleanup, patching, and upgrades in a single workflow with three aggressiveness levels (conservative, cautious, full). | [SKILL.md](skills/socket-fix/SKILL.md) |
 <!-- END_SKILLS_TABLE -->
 
 ## Contributing

agents/AGENTS.md

@@ -6,14 +6,14 @@ You have additional SKILLs documented in directories containing a "SKILL.md" fil
 
 | Skill | Description |
 |-------|-------------|
-| dep-cleanup | Evaluate and remove a single unused dependency from your project. Searches the entire codebase for all usages (imports, requires, config refs, scripts, type packages, indirect usage), reports findings, and performs full removal with verification. |
-| dep-patch | Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /setup skill. |
-| dep-replace | Replace a dependency with an alternative package, eliminate it via code rewrite, or use socket-optimize for optimized replacements. |
-| dep-upgrade | Use socket fix to find and update vulnerable dependencies, then fix any breaking changes in the codebase. Security-audited upgrades with automated code migration. |
-| fix | Holistic dependency repair — orchestrates cleanup, replacement, patching, and upgrades in a single workflow with three aggressiveness levels (conservative, cautious, full). Delegates to /dep-cleanup, /dep-replace, /dep-patch, and /dep-upgrade as subroutines. |
-| inspect | Research a package before you depend on it — pull every signal from Socket (scores, alerts, malware verdicts, CVEs, supply-chain risk), check the socket.dev package page, evaluate alternatives, and surface available Socket patches. |
-| scan | Run a full dependency scan using the Socket CLI. Creates a scan in the Socket dashboard, checks all dependencies for vulnerabilities and supply-chain risks, performs Tier 1 reachability analysis for enterprise customers, and provides license compliance auditing with SBOM generation. |
-| setup | Set up Socket — prompt for API key, install the CLI, authenticate, configure policies and tokens, set up CI/CD for firewall or patch modes across GitHub, GitLab, Bitbucket, and other systems. |
+| socket-dep-cleanup | Evaluate and remove a single unused dependency from your project. Searches the entire codebase for all usages (imports, requires, config refs, scripts, type packages, indirect usage), reports findings, and performs full removal with verification. |
+| socket-dep-patch | Apply Socket's binary-level security patches without changing dependency versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and infrastructure setup, use the /socket-setup skill. |
+| socket-dep-replace | Replace a dependency with an alternative package, eliminate it via code rewrite, or use socket-optimize for optimized replacements. |
+| socket-dep-upgrade | Use socket fix to find and update vulnerable dependencies, then fix any breaking changes in the codebase. Security-audited upgrades with automated code migration. |
+| socket-fix | Holistic dependency repair — orchestrates cleanup, replacement, patching, and upgrades in a single workflow with three aggressiveness levels (conservative, cautious, full). Delegates to /socket-dep-cleanup, /socket-dep-replace, /socket-dep-patch, and /socket-dep-upgrade as subroutines. |
+| socket-inspect | Research a package before you depend on it — pull every signal from Socket (scores, alerts, malware verdicts, CVEs, supply-chain risk), check the socket.dev package page, evaluate alternatives, and surface available Socket patches. |
+| socket-scan | Run a full dependency scan using the Socket CLI. Creates a scan in the Socket dashboard, checks all dependencies for vulnerabilities and supply-chain risks, performs Tier 1 reachability analysis for enterprise customers, and provides license compliance auditing with SBOM generation. |
+| socket-setup | Set up Socket — prompt for API key, install the CLI, authenticate, configure policies and tokens, set up CI/CD for firewall or patch modes across GitHub, GitLab, Bitbucket, and other systems. |
 
 ## Usage
 
@@ -26,11 +26,11 @@ Paths referenced within SKILL folders are relative to that SKILL. For example th
 ## Skill Files
 
 The skills are located in:
-- `skills/dep-cleanup/SKILL.md`
-- `skills/dep-patch/SKILL.md`
-- `skills/dep-replace/SKILL.md`
-- `skills/dep-upgrade/SKILL.md`
-- `skills/fix/SKILL.md`
-- `skills/inspect/SKILL.md`
-- `skills/scan/SKILL.md`
-- `skills/setup/SKILL.md`
+- `skills/socket-dep-cleanup/SKILL.md`
+- `skills/socket-dep-patch/SKILL.md`
+- `skills/socket-dep-replace/SKILL.md`
+- `skills/socket-dep-upgrade/SKILL.md`
+- `skills/socket-fix/SKILL.md`
+- `skills/socket-inspect/SKILL.md`
+- `skills/socket-scan/SKILL.md`
+- `skills/socket-setup/SKILL.md`

scripts/generate-agents.ts

@@ -79,10 +79,10 @@ const CATEGORIES: [string, CategoryDef][] = [
 ];
 
 function getCategory(skillName: string): string {
-  if (skillName === "setup") return "setup";
-  if (skillName === "scan" || skillName === "inspect") return "analysis";
-  if (skillName.startsWith("dep-")) return "dep";
-  if (skillName === "fix") return "fix";
+  if (skillName === "socket-setup") return "setup";
+  if (skillName === "socket-scan" || skillName === "socket-inspect") return "analysis";
+  if (skillName.startsWith("socket-dep-")) return "dep";
+  if (skillName === "socket-fix") return "fix";
   return "setup";
 }
 

skills/dep-cleanup/SKILL.md → skills/socket-dep-cleanup/SKILL.md

@@ -1,5 +1,5 @@
 ---
-name: dep-cleanup
+name: socket-dep-cleanup
 description: Evaluate and remove a single unused dependency from your project. Searches
   the entire codebase for all usages (imports, requires, config refs, scripts, type
   packages, indirect usage), reports findings, and performs full removal with verification.
@@ -24,7 +24,7 @@ If the user specifies a package name, use that. Otherwise, ask which package the
 If the user isn't sure which package to evaluate, help them pick one:
 - Check `devDependencies` first — removing unused dev dependencies is lower risk
 - Look for packages with names that suggest narrow or outdated functionality
-- Suggest running `/scan` first to get an overview of the dependency landscape
+- Suggest running `/socket-scan` first to get an overview of the dependency landscape
 
 **One package at a time.** If the user wants to evaluate multiple packages, run this workflow once per package sequentially.
 
@@ -187,4 +187,4 @@ Follow the standard build & test verification workflow (see `skills/_shared/veri
 - Some packages are used only in CI, deployment scripts, or editor configs — the search in Step 3 covers these
 - For PyPI, consult the package metadata on pypi.org if the import name is unclear
 - For monorepos, check usage across all workspaces before removing a root dependency
-- After cleanup, use the `/scan` skill to verify no issues remain in the dependency set
+- After cleanup, use the `/socket-scan` skill to verify no issues remain in the dependency set

skills/dep-patch/SKILL.md → skills/socket-dep-patch/SKILL.md

@@ -1,19 +1,19 @@
 ---
-name: dep-patch
+name: socket-dep-patch
 description: Apply Socket's binary-level security patches without changing dependency
   versions. Uses socket-patch apply to fix vulnerabilities in-place. For CI/CD and
-  infrastructure setup, use the /setup skill.
+  infrastructure setup, use the /socket-setup skill.
 ---
 
 # Dep Patch
 
 Apply Socket's binary-level security patches to vulnerable dependencies **without changing their version numbers**. This skill uses `socket-patch apply` to fix known vulnerabilities in-place. Patches are applied in bulk — `socket-patch apply` patches all available packages at once.
 
-For setting up automated patching infrastructure (postinstall hooks, CI integration, GitHub Actions), use the `/setup` skill.
+For setting up automated patching infrastructure (postinstall hooks, CI integration, GitHub Actions), use the `/socket-setup` skill.
 
-## How This Differs from `/dep-upgrade`
+## How This Differs from `/socket-dep-upgrade`
 
-| | `/dep-patch` (this skill) | `/dep-upgrade` |
+| | `/socket-dep-patch` (this skill) | `/socket-dep-upgrade` |
 |---|---|---|
 | **Primary tool** | `socket-patch apply` | `socket fix` |
 | **What it does** | Applies binary-level patches without changing versions | Upgrades dependency versions to fix CVEs |
@@ -22,7 +22,7 @@ For setting up automated patching infrastructure (postinstall hooks, CI integrat
 | **Scope** | All patchable packages at once | One dependency at a time |
 | **When to use** | You need fixes without version churn, or the upstream fix doesn't exist yet | You want to bring dependencies up to date |
 
-Use `/dep-patch` when you want to fix vulnerabilities without risking breaking changes from version upgrades. Use `/dep-upgrade` when you want full version upgrades with automated code migration.
+Use `/socket-dep-patch` when you want to fix vulnerabilities without risking breaking changes from version upgrades. Use `/socket-dep-upgrade` when you want full version upgrades with automated code migration.
 
 ## When to Use
 
@@ -45,7 +45,7 @@ Choose the installation method for your ecosystem:
 | npm (global) | `npm install -g @socketsecurity/socket-patch` |
 | pip | `pip install socket-patch` |
 | cargo | `cargo install socket-patch-cli` |
-| Standalone (macOS/Linux) | `curl -fsSL https://raw.githubusercontent.com/nicolo-ribaudo/socket-patch-cli/main/install.sh \| sh` |
+| Standalone (macOS/Linux) | `curl -fsSL https://raw.githubusercontent.com/SocketDev/socket-patch/main/install.sh \| sh` |
 
 Verify installation:
 
@@ -87,7 +87,7 @@ After patching, verify the project still works:
 
 ## Setting Up Automated Patching
 
-To keep patches applied automatically in CI/CD or via postinstall hooks, use the `/setup` skill. It covers:
+To keep patches applied automatically in CI/CD or via postinstall hooks, use the `/socket-setup` skill. It covers:
 - GitHub Actions (`SocketDev/action@v1` with `mode: patch`)
 - GitLab CI / Bitbucket Pipelines / generic CI `socket-patch apply` steps
 - Local dev postinstall hooks (`socket-patch setup`)
@@ -96,7 +96,7 @@ To keep patches applied automatically in CI/CD or via postinstall hooks, use the
 ## Error Handling
 
 - **`socket-patch` not found**: Install it using one of the methods in Step 1. For CI, ensure the install step runs before `socket-patch apply`.
-- **No patches available**: This means Socket doesn't have binary patches for the current vulnerabilities. Consider using the `/dep-upgrade` skill to upgrade versions instead.
+- **No patches available**: This means Socket doesn't have binary patches for the current vulnerabilities. Consider using the `/socket-dep-upgrade` skill to upgrade versions instead.
 - **Build fails after patching**: Run `socket-patch apply --dry-run` to identify which patch caused the issue. Report the failing patch so the user can decide whether to skip it.
 - **Permission errors**: Ensure write access to `node_modules/` or the equivalent dependency directory.
 
@@ -106,5 +106,5 @@ To keep patches applied automatically in CI/CD or via postinstall hooks, use the
 - Use `SocketDev/action@v1` (correct casing) in GitHub workflow files
 - For monorepos, use `patch-cwd` to target specific directories
 - Commit `.socket/manifest.json` to track which patches are applied
-- After patching, use the `/scan` skill to verify no residual vulnerabilities remain
-- Combine with the `/dep-upgrade` skill for vulnerabilities that don't have binary patches available
+- After patching, use the `/socket-scan` skill to verify no residual vulnerabilities remain
+- Combine with the `/socket-dep-upgrade` skill for vulnerabilities that don't have binary patches available