AI Security Review
scanned 13h ago · by lpm-firewall-ai

Install-time lifecycle code registers a package-supplied AI agent skill globally and, if that fails, falls back to writing the skill into Claude's home skill directory. This is an unconsented mutation of AI-agent control surfaces that lie outside the package's own scope, performed during npm install.
Decision evidence
Basis: public snapshot
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs runs npx skills add <package skill> -g -y --copy at install time
- scripts/postinstall.mjs fallback copies bundled skill into ~/.claude/skills/aicard
- Bundled skills/aicard/SKILL.md instructs agents to run aicard setup --check and payment/card commands
- postinstall uses child_process execFileSync to invoke npx during npm lifecycle
- No direct credential exfiltration found in inspected source
- CLI payment/network behavior is mostly user-invoked after install
- Wallet private key generation/storage is documented as local in skills/aicard/SKILL.md and src/commands/setup.mjs
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.mjs, line 9)
- Package source references child process execution. (scripts/postinstall.mjs, line 12)
- Package source invokes a package manager install command at runtime. (scripts/postinstall.mjs, line 3)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/update-check.mjs)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (src/walletconnect.mjs)