AI Security Review
scanned 22h ago · by lpm-firewall-ai
Confirmed unconsented AI-agent control-surface mutation at npm install time. The package installs its own agent skill globally across detected tools, or directly into Claude skills, before the user invokes the CLI.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs runs npx skills add skills/aicard -g -y --copy at install time
- scripts/postinstall.mjs fallback copies bundled skill into ~/.claude/skills/aicard without user invocation
- skills/aicard/SKILL.md instructs agents to run aicard setup --check first and can drive wallet/card purchase workflows
- bin/cli.mjs imports update-check at startup; src/update-check.mjs runs npm view then detached npm install -g and postinstall on newer version
- CLI payment, wallet, and Shopify flows are package-aligned and mostly user-invoked
- src/config.mjs stores generated local wallet config under ~/.aicard/config.json with mode 0600
- No static evidence of private key exfiltration or broad filesystem harvesting
- WalletConnect transfers require user wallet approval
Source & flagged code
6 flagged
- Package defines install-time lifecycle scripts.
  package.json
- Install-time lifecycle script is not statically allowlisted and needs review.
  package.json
- Install-time source drops package-supplied AI-agent/MCP control files or instructions.
  scripts/postinstall.mjs · L9
- Package source references child process execution.
  scripts/postinstall.mjs · L12
- Package source invokes a package manager install command at runtime.
  scripts/postinstall.mjs · L3
- Source file is highly similar to a previously finalized malicious package; route for source-aware review.
  src/walletconnect.mjs