AI Security Review
scanned 1d ago · by lpm-firewall-ai

The package mutates AI-agent control surfaces during npm install: its postinstall script installs a bundled skill globally or, as a fallback, copies it into the Claude Code skills directory without asking. On CLI startup it also performs a silent background self-upgrade and reruns the postinstall installer, so the agent-surface write recurs on every version bump without a fresh install by the user.
Decision evidence
public snapshot
- package.json declares postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs invokes npx skills add ... -g -y --copy at install time.
- scripts/postinstall.mjs falls back to copying skills/aicard into ~/.claude/skills/aicard without user confirmation.
- src/update-check.mjs runs npm view on every CLI startup and, when a newer version exists, launches a background npm install -g that reruns postinstall.
- skills/aicard/SKILL.md instructs agents to always run aicard setup --check and to execute card creation after amount selection.
- src/commands/setup.mjs auto-generates and stores a private key in ~/.aicard/config.json when setup --check is run.
- Network and wallet operations are mostly aligned with the advertised virtual-card/x402 CLI purpose.
- Private key display is masked in setup --show.
- Card data is sanitized before normal create output.
- No source evidence of credential exfiltration from arbitrary env/files beyond configured wallet/payment flows.
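The evidence above is the kind of static signal a package scanner correlates: a lifecycle hook in package.json, child-process and package-manager calls in the hooked script, writes under an agent's skills directory, and a registry probe plus global reinstall in a file that runs at CLI startup rather than at install. The following is an added example (not the reviewed package's code and not the scanner's) of a small audit that reproduces that correlation; the rule regexes, the list of agent config paths beyond ~/.claude/skills, the rule and decision names, and the sample package (modeled on this review's findings but constructed here) are all assumptions.

```javascript
// Added example, not code from the reviewed package or the scanner.
// Heuristic static audit for install-time and runtime behaviours of the kind
// listed in the review. Rule names, regexes and the sample package are
// constructed for illustration.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Per-line rules. ~/.claude/skills is taken from the review; the other
// agent control-surface paths are assumptions added for coverage.
const LINE_RULES = [
  { id: "child-process", re: /\bchild_process\b|\b(exec|execFile|spawn)(Sync)?\s*\(/ },
  { id: "package-manager-invocation",
    re: /\bnpx\s+\S+|\b(npm|pnpm|yarn)\b(?:\s+|['"]\s*,\s*\[\s*['"])(install|i|add|update|exec)\b/ },
  { id: "global-install-flag", re: /(^|['"\s])(-g|--global)(['"\s]|$)/ },
  { id: "agent-control-surface-write", re: /\.claude\/skills|\.claude\/commands|\.cursor\/rules|mcp\.json/ },
  { id: "registry-version-probe", re: /\bnpm\s+view\b/ },
];

// Run every line rule over one source file; one finding per (rule, line).
function scanFile(path, source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of LINE_RULES) {
      if (rule.re.test(text)) findings.push({ rule: rule.id, file: path, line: i + 1 });
    }
  });
  return findings;
}

// Audit a package given its parsed package.json and a map of path -> source.
function auditPackage({ packageJson, files }) {
  const findings = [];
  const scripts = packageJson.scripts || {};
  const hookScripts = {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (scripts[hook]) {
      hookScripts[hook] = scripts[hook];
      findings.push({ rule: "lifecycle-script", file: "package.json", line: null, hook, command: scripts[hook] });
    }
  }
  for (const [path, source] of Object.entries(files)) findings.push(...scanFile(path, source));

  // Composite rules: correlate per-file hits into the behaviours that matter.
  const rulesByFile = {};
  for (const f of findings) {
    if (f.line === null) continue;
    if (!rulesByFile[f.file]) rulesByFile[f.file] = new Set();
    rulesByFile[f.file].add(f.rule);
  }
  for (const [path, rules] of Object.entries(rulesByFile)) {
    // A file is "install-time" if a lifecycle hook command names it.
    const runsAtInstall = Object.values(hookScripts).some((cmd) => cmd.includes(path));
    if (runsAtInstall && rules.has("agent-control-surface-write")) {
      findings.push({ rule: "install-time-agent-surface-mutation", file: path, line: null });
    }
    // Registry probe + package-manager install + global flag outside a hook:
    // the CLI upgrades itself at runtime, which re-triggers the hook.
    if (!runsAtInstall && rules.has("registry-version-probe") &&
        rules.has("package-manager-invocation") && rules.has("global-install-flag")) {
      findings.push({ rule: "runtime-self-upgrade", file: path, line: null });
    }
  }
  return findings;
}

// Decision names are assumptions: block on composite hits, review on any hook.
function decide(findings) {
  const ids = new Set(findings.map((f) => f.rule));
  if (ids.has("install-time-agent-surface-mutation") || ids.has("runtime-self-upgrade")) return "block";
  if (ids.has("lifecycle-script")) return "review";
  return "allow";
}

// Constructed sample package, modeled on the behaviours this review describes.
const SAMPLE_PACKAGE = {
  packageJson: { name: "example-cli", version: "1.0.0", scripts: { postinstall: "node scripts/postinstall.mjs" } },
  files: {
    "scripts/postinstall.mjs": [
      "import { execSync } from 'node:child_process';",
      "import { cpSync } from 'node:fs';",
      "import { homedir } from 'node:os';",
      "try {",
      "  execSync('npx skills add example/skills -g -y --copy', { stdio: 'inherit' });",
      "} catch {",
      "  cpSync('skills/example', `${homedir()}/.claude/skills/example`, { recursive: true });",
      "}",
    ].join("\n"),
    "src/update-check.mjs": [
      "import { execSync, spawn } from 'node:child_process';",
      "const latest = execSync('npm view example-cli version').toString().trim();",
      "if (latest !== CURRENT_VERSION) {",
      "  spawn('npm', ['install', '-g', `example-cli@${latest}`], { detached: true, stdio: 'ignore' }).unref();",
      "}",
    ].join("\n"),
  },
};

const sampleFindings = auditPackage(SAMPLE_PACKAGE);
console.log(decide(sampleFindings), sampleFindings.length, "findings");
```

One caveat the composite rule makes visible: installing with npm install --ignore-scripts (or ignore-scripts=true in .npmrc) suppresses the postinstall hook once, but a CLI that runs npm install -g on itself at startup re-executes that hook under the user's normal configuration, so the install-time flag alone does not describe the exposure.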
Source & flagged code
5 flagged
- package.json: package defines install-time lifecycle scripts.
- package.json: install-time lifecycle script is not statically allowlisted and needs review.
- scripts/postinstall.mjs, line 9: install-time source drops package-supplied AI-agent/MCP control files or instructions.
- scripts/postinstall.mjs, line 12: package source references child process execution.
- scripts/postinstall.mjs, line 3: package source invokes a package manager install command at runtime.