AI Security Review
scanned 12d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates AI-agent control surfaces during npm postinstall by globally installing a bundled agent skill. The installed skill can steer future AI-agent behavior toward wallet and payment commands.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs runs npx skills add <package skill> -g -y --copy during install
- scripts/postinstall.mjs fallback copies bundled skill into ~/.claude/skills/aigateway
- skills/aigateway/SKILL.md contains agent instructions to run aigateway wallet-init first and drive wallet/payment flows
- bin/cli.mjs imports update-check, which can npm install -g a newer package and rerun postinstall on normal CLI startup
- No install-time credential/env harvesting found in scripts/postinstall.mjs
- Runtime wallet and x402 commands are advertised package functionality and user-invoked
- No obfuscated eval/vm/native binary loader found in inspected source
- Network endpoints mostly align with payment gateway, catalog, update, WalletConnect, and OKX installer behavior
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.mjsView on unpkg · L9Package source references child process execution.
scripts/postinstall.mjsView on unpkg · L12Package source invokes a package manager install command at runtime.
scripts/postinstall.mjsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version.
src/okx-wallet.mjsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/okx-wallet.mjsView on unpkg · L7Source file is highly similar to a previously finalized malicious package; route for source-aware review.
src/okx-wallet.mjsView on unpkgPackage ships high-entropy non-source blobs.
src/assets/fonts/sf-pro-display_medium_500.woff2View on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
src/walletconnect.mjsView on unpkg