AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package performs install-time AI-agent skill installation into multiple home-directory agent control surfaces. This is unconsented postinstall mutation of broad/foreign agent skill directories.
Decision evidence
public snapshot- package.json defines postinstall: node install.js
- install.js extracts assets/workctl-skills.zip at install time
- install.js copies extracted skills into ~/.agents/skills/workctl, ~/.claude/skills/workctl, ~/.cursor/skills/workctl, and ~/.codex/skills/workctl
- install.js deletes $WORKCTL_CONFIG_DIR/cache or ~/.workctl/cache to force fresh command discovery
- Bundled SKILL.md instructs agents to install/upgrade @accio-ai/cli@latest and use workctl workflows
- bin/workctl.js only resolves and spawns a platform-specific @accio-ai/cli-* binary or vendor binary
- bin/workctl.js removes WORKCTL_MCP_URL, WORKCTL_CATALOG_FIXTURE, and WORKCTL_RUNTIME_CONFIG before spawning
- Inspected JS sources show no eval/vm/Function, credential harvesting, or network exfiltration
- Zip contents are markdown skills/references, not executable binaries or scripts
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage ships high-entropy non-source blobs.
assets/workctl-skills.zipView on unpkgPackage ships compressed or archive-like blobs.
assets/workctl-skills.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
assets/workctl-skills.zipView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
bin/workctl.jsView on unpkg