diff --git a/packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh b/packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh
index d6c9efd..94ed364 100644
--- a/packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh
+++ b/packages/safe-chain/src/shell-integration/path-wrappers/templates/unix-wrapper.template.sh
@@ -4,13 +4,21 @@
 
 # Function to remove shim from PATH (POSIX-compliant)
 remove_shim_from_path() {
-    echo "$PATH" | sed "s|$HOME/.safe-chain/shims:||g"
+    _safe_chain_shims="${SAFE_CHAIN_DIR:-$HOME/.safe-chain}/shims"
+    echo "$PATH" | sed "s|${_safe_chain_shims}:||g"
 }
 
 if command -v safe-chain >/dev/null 2>&1; then
   # Remove shim directory from PATH when calling {{AIKIDO_COMMAND}} to prevent infinite loops
   PATH=$(remove_shim_from_path) exec safe-chain {{PACKAGE_MANAGER}} "$@"
 else
+  # safe-chain is not reachable — warn the user so they know protection is inactive
+  if [ -n "$SAFE_CHAIN_DIR" ]; then
+    printf "\033[43;30mWarning:\033[0m safe-chain is not accessible. Check that '%s/bin' is readable and executable by the current user.\n" "$SAFE_CHAIN_DIR" >&2
+  else
+    printf "\033[43;30mWarning:\033[0m safe-chain is not available to protect you from installing malware. {{PACKAGE_MANAGER}} will run without it.\n" >&2
+  fi
+
   # Dynamically find original {{PACKAGE_MANAGER}} (excluding this shim directory)
   original_cmd=$(PATH=$(remove_shim_from_path) command -v {{PACKAGE_MANAGER}})
   if [ -n "$original_cmd" ]; then
diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
index 13463f6..a705634 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-fish.fish
@@ -1,4 +1,5 @@
-set -gx PATH $PATH $HOME/.safe-chain/bin
+set -l safe_chain_base (if set -q SAFE_CHAIN_DIR; echo $SAFE_CHAIN_DIR; else; echo $HOME/.safe-chain; end)
+set -gx PATH $PATH $safe_chain_base/bin
 
 function npx
     wrapSafeChainCommand "npx" $argv
diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
index ebaaf3c..b567902 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-posix.sh
@@ -1,4 +1,4 @@
-export PATH="$PATH:$HOME/.safe-chain/bin"
+export PATH="$PATH:${SAFE_CHAIN_DIR:-$HOME/.safe-chain}/bin"
 
 function npx() {
   wrapSafeChainCommand "npx" "$@"
diff --git a/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1 b/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
index f82d0fc..bcdd1c6 100644
--- a/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
+++ b/packages/safe-chain/src/shell-integration/startup-scripts/init-pwsh.ps1
@@ -2,7 +2,8 @@
 # $IsWindows is only available in PowerShell Core 6.0+. If it doesn't exist, assume Windows PowerShell
 $isWindowsPlatform = if (Test-Path variable:IsWindows) { $IsWindows } else { $true }
 $pathSeparator = if ($isWindowsPlatform) { ';' } else { ':' }
-$safeChainBin = Join-Path (Join-Path $HOME '.safe-chain') 'bin'
+$safeChainBase = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $HOME '.safe-chain' }
+$safeChainBin = Join-Path $safeChainBase 'bin'
 $env:PATH = "$env:PATH$pathSeparator$safeChainBin"
 
 function npx {
diff --git a/test/e2e/DockerTestContainer.js b/test/e2e/DockerTestContainer.js
index 95a467c..cd48c4e 100644
--- a/test/e2e/DockerTestContainer.js
+++ b/test/e2e/DockerTestContainer.js
@@ -84,10 +84,14 @@ export class DockerTestContainer {
     }
   }
 
-  async openShell(shell) {
+  async openShell(shell, { user } = {}) {
+    const execArgs = user
+      ? ["exec", "-it", "-u", user, this.containerName, shell]
+      : ["exec", "-it", this.containerName, shell];
+
     let ptyProcess = pty.spawn(
       "docker",
-      ["exec", "-it", this.containerName, shell],
+      execArgs,
       {
         name: "xterm-color",
         cols: 80,
diff --git a/test/e2e/safe-chain-dir.e2e.spec.js b/test/e2e/safe-chain-dir.e2e.spec.js
new file mode 100644
index 0000000..e28bd72
--- /dev/null
+++ b/test/e2e/safe-chain-dir.e2e.spec.js
@@ -0,0 +1,115 @@
+import { describe, it, before, beforeEach, afterEach } from "node:test";
+import { DockerTestContainer } from "./DockerTestContainer.js";
+import assert from "node:assert";
+
+const CUSTOM_DIR = "/usr/local/.safe-chain";
+
+describe("E2E: SAFE_CHAIN_DIR support", () => {
+  let container;
+
+  before(async () => {
+    DockerTestContainer.buildImage();
+  });
+
+  beforeEach(async () => {
+    container = new DockerTestContainer();
+    await container.start();
+  });
+
+  afterEach(async () => {
+    if (container) {
+      await container.stop();
+      container = null;
+    }
+  });
+
+  it("setup-ci installs shims in the custom directory when SAFE_CHAIN_DIR is set", async () => {
+    const shell = await container.openShell("bash");
+    await shell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
+    await shell.runCommand("safe-chain setup-ci");
+
+    // Shims should be in the custom dir
+    const customShimResult = await shell.runCommand(
+      `test -f ${CUSTOM_DIR}/shims/npm && echo "EXISTS"`
+    );
+    assert.ok(
+      customShimResult.output.includes("EXISTS"),
+      `Expected npm shim at ${CUSTOM_DIR}/shims/npm. Output:\n${customShimResult.output}`
+    );
+
+    // Default location should NOT have been created
+    const defaultShimResult = await shell.runCommand(
+      `test -d $HOME/.safe-chain/shims && echo "EXISTS" || echo "ABSENT"`
+    );
+    assert.ok(
+      defaultShimResult.output.includes("ABSENT"),
+      `Expected default shims dir to be absent. Output:\n${defaultShimResult.output}`
+    );
+  });
+
+  it("setup-ci writes the custom directory path to GITHUB_PATH when SAFE_CHAIN_DIR is set", async () => {
+    const shell = await container.openShell("bash");
+    await shell.runCommand("export GITHUB_PATH=/tmp/github_path");
+    await shell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
+    await shell.runCommand("safe-chain setup-ci");
+
+    const result = await shell.runCommand("cat /tmp/github_path");
+    assert.ok(
+      result.output.includes(`${CUSTOM_DIR}/shims`),
+      `Expected GITHUB_PATH to contain custom shims dir. Output:\n${result.output}`
+    );
+    assert.ok(
+      result.output.includes(`${CUSTOM_DIR}/bin`),
+      `Expected GITHUB_PATH to contain custom bin dir. Output:\n${result.output}`
+    );
+  });
+
+  it("safe-chain protects a non-root user when installed to a shared dir with SAFE_CHAIN_DIR", async () => {
+    // Step 1: create a non-root user inside the container
+    container.dockerExec("useradd -m safeuser");
+
+    // Step 2: as root, run setup-ci with the shared SAFE_CHAIN_DIR
+    const rootShell = await container.openShell("bash");
+    await rootShell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
+    await rootShell.runCommand("safe-chain setup-ci");
+
+    // Step 3: simulate what install-safe-chain.sh does — place the safe-chain binary
+    // in SAFE_CHAIN_DIR/bin. In Docker tests safe-chain is installed via npm/Volta,
+    // so we symlink it there.
+    container.dockerExec(`mkdir -p ${CUSTOM_DIR}/bin`);
+    container.dockerExec(
+      `ln -sf \\$(which safe-chain) ${CUSTOM_DIR}/bin/safe-chain`
+    );
+
+    // Step 4: make npm accessible to all users (in real Dockerfiles npm is installed
+    // before the user switch; here Volta manages it for root, so we symlink it).
+    container.dockerExec("ln -sf \\$(which npm) /usr/local/bin/npm");
+
+    // Step 5: make the shared safe-chain dir readable + executable by all users
+    container.dockerExec(`chmod -R a+rx ${CUSTOM_DIR}`);
+
+    // Step 6: Volta installs under /root/.volta which is only accessible to root by
+    // default. /root/ itself is mode 700, so safeuser can't traverse into it even
+    // if .volta/ is world-readable. Fix both levels. Safe in a throw-away container.
+    container.dockerExec("chmod a+x /root && chmod -R a+rX /root/.volta");
+
+    // Step 7: as the non-root user, set SAFE_CHAIN_DIR and PATH, then run npm.
+    // SAFE_CHAIN_DIR must be set so the shim knows which dir to strip from PATH
+    // when invoking the real npm (prevents infinite loop).
+    const userShell = await container.openShell("bash", { user: "safeuser" });
+    await userShell.runCommand(`export SAFE_CHAIN_DIR=${CUSTOM_DIR}`);
+    // Reuse root's Volta dir so safeuser doesn't trigger a slow first-run setup
+    await userShell.runCommand("export VOLTA_HOME=/root/.volta");
+    await userShell.runCommand(
+      `export PATH="${CUSTOM_DIR}/shims:${CUSTOM_DIR}/bin:$PATH"`
+    );
+    const result = await userShell.runCommand(
+      "npm i axios@1.13.0 --safe-chain-logging=verbose"
+    );
+
+    assert.ok(
+      result.output.includes("Safe-chain: Scanned"),
+      `Expected safe-chain to protect non-root user. Output:\n${result.output}`
+    );
+  });
+});