AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Automatic installation mutates multiple unrelated AI-agent skill directories under the user's home directory. It also clears the Workctl cache even when skill installation fails.
Decision evidence
public snapshot- `install.js` runs automatically via `postinstall`.
- `install.js` extracts `assets/workctl-skills.zip` into four home-directory agent skill surfaces.
- It writes to `.agents/skills`, `.claude/skills`, `.cursor/skills`, and `.codex/skills` without user consent.
- It force-deletes and recreates `$HOME/.workctl/cache`.
- The archived skills direct AI agents to install/upgrade and authenticate this CLI.
- `bin/workctl.js` only resolves a platform package binary and forwards user CLI arguments.
- The launcher removes three runtime override variables before spawning the binary.
- Inspected JavaScript contains no credential harvesting or direct network client.
- The ZIP contains readable Markdown skill instructions, not an opaque executable payload.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage ships high-entropy non-source blobs.
assets/workctl-skills.zipView on unpkgPackage ships compressed or archive-like blobs.
assets/workctl-skills.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
assets/workctl-skills.zipView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
bin/workctl.jsView on unpkg