AI Security Review
scanned 23h ago · by lpm-firewall-ai

The package mutates AI-agent control surfaces at install time by globally installing bundled agent skills/instructions without an explicit user command. Those instructions can cause agents to run payment-related CLI actions in later conversations.
Decision evidence (public snapshot)
- package.json runs postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs executes npx skills add skills/aicard -g -y --copy during install.
- scripts/postinstall.mjs fallback copies bundled skill to ~/.claude/skills/aicard.
- skills/aicard/SKILL.md tells agents to run setup --check on entry and to execute card creation once an amount is specified.
- src/update-check.mjs checks npm on CLI startup and spawns background npm install -g plus postinstall for newer versions.
- CLI payment/network behavior is mostly aligned with virtual-card functionality.
- Private keys are read from CLI/env/local config and used for wallet signing; no direct credential exfiltration code found.
- Card data caching in src/shop/cards.mjs is local ~/.aicard storage with redacted listing support.
Source & flagged code (6 flagged)
Package defines install-time lifecycle scripts.
package.json · Install-time lifecycle script is not statically allowlisted and needs review.
package.json · Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjs · L9 · Package source references child process execution.
scripts/postinstall.mjs · L12 · Package source invokes a package manager install command at runtime.
scripts/postinstall.mjs · L3 · Source file is highly similar to a previously finalized malicious package; route for source-aware review.
src/walletconnect.mjs