
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
pi-roblox-docs
Advanced tools
Pi-native Roblox API and Luau docs lookup from a local cache — no resident MCP server or background daemon.
pi-roblox-docs registers Roblox documentation tools directly inside Pi's TypeScript extension runtime with pi.registerTool().
uvx, or background Node daemonFor maintenance direction and phased goals, see ROADMAP.md.
Tools
| Tool | Purpose |
|---|---|
roblox_sync | Download or update the local Roblox API cache |
roblox_health | Show cache/index status and freshness |
roblox_search | Search classes, members, and enums |
roblox_get_class | Show one class with grouped members |
roblox_get_member | Show one class member |
roblox_get_enum | Show enum values |
roblox_lookup_enum | Resolve fuzzy enum names or near-miss aliases |
roblox_get_luau_global | Look up Luau built-ins and Roblox globals/libraries |
roblox_search_devforum | Search Roblox Developer Forum discussions |
roblox_clear_cache | Delete the package-owned local cache |
Commands
| Command | Purpose |
|---|---|
/roblox:sync | Sync local Roblox docs cache |
/roblox:sync --force | Redownload even when versions match |
/roblox:health | Show cache/index status and freshness |
/roblox:devforum <query> | Search DevForum discussions |
/roblox:clear-cache | Delete local cache after confirmation |
From npm:
pi install npm:pi-roblox-docs
From GitHub:
pi install git:github.com/eiei114/pi-roblox-docs
Local development:
git clone https://github.com/eiei114/pi-roblox-docs.git
cd pi-roblox-docs
npm ci
pi -e ./extensions/roblox-docs.ts
Install the package (see above).
Sync the local cache:
/roblox:sync
or call roblox_sync with force=false.
Ask Roblox API questions in Pi, for example:
task.wait do?"After the first sync, use roblox_search, roblox_get_class, roblox_get_member, roblox_get_enum, and roblox_lookup_enum for Roblox instance APIs. Use roblox_get_luau_global for Luau built-ins and Roblox globals such as math, task, and typeof.
roblox_health and /roblox:health report cache freshness with a 7-day stale threshold. Run roblox_sync when the cache is stale or missing.
For detailed workflows, cache policy, Luau-vs-class guidance, and tool examples, see:
| Path | Purpose |
|---|---|
extensions/ | Pi TypeScript extension entrypoint and helper modules |
docs/ | Optional supporting docs (usage, examples, release) |
README.md | GitHub/npm entrypoint |
LICENSE | MIT license |
CHANGELOG.md | Release history |
SECURITY.md | Vulnerability reporting |
ROADMAP.md | Maintenance direction and phased goals |
npm ci
npm run check
This package is configured for npm Trusted Publishing. No NPM_TOKEN is stored in the repo.
npm version patch
git push
See docs/release.md for Trusted Publishing setup and workflow details.
docs/ is optional supporting documentation, not a fixed template doc set. README stays the GitHub/npm entrypoint.
docs/usage.md — cache policy, data sources, Luau vs class lookup, troubleshootingdocs/examples.md — tool and command examplesdocs/release.md — Trusted Publishing and release workflowPi packages can execute code with your local permissions. This extension downloads public Roblox API dumps, may query the Roblox Developer Forum, and writes cache files under an OS-specific package-owned directory. Review extensions before installing third-party packages.
For vulnerability reporting, see SECURITY.md.
MIT
FAQs
Pi native Roblox documentation tools without a background MCP server.
We found that pi-roblox-docs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.