AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs the `wl-skills-design` CLI, especially `init` (default profile: `agents`).
Impact
Can influence configured AI coding agents in the target project through installed instruction files.
Mechanism
Explicit project-scoped AI-agent configuration deployment with backup and rollback.
Rationale
No concrete malicious chain is present, but the package has an explicit capability to alter AI-agent control surfaces in a target project. Per policy, explicit user-command agent configuration mutation is warn-worthy rather than a publish block.
Evidence
package.jsonbin/wl-skills-design.jsfiles/.github/skills/_compat/editors.jsonfiles/AGENTS.mdREADME.mdAGENTS.mdCLAUDE.md.github/copilot-instructions.md.cursor/rules/conventions.mdc.windsurf/rules/conventions.md.clinerules/conventions.md.kiro/steering/conventions.md.trae/rules/conventions.md.qoder/rules/conventions.md.wl-skills-design/state.json.wl-skills-design/backups/
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `bin/wl-skills-design.js` explicitly copies bundled agent rules into a chosen target project.
- Default `init` selects the `agents` profile and writes `AGENTS.md`.
- `editors.json` maps explicit profiles to Copilot, Claude, Cursor, Windsurf, Cline, Kiro, Trae, and Qoder control files.
- `package.json` has a guarded `prepare` hook that invokes Husky only inside a Git worktree when Husky exists.
Evidence against
- No `preinstall`, `install`, or `postinstall` lifecycle hook is present.
- No network, credential, environment-harvesting, shell-payload, eval, or dynamic remote-load code was found.
- The CLI is a user-invoked bin; imports only Node `crypto`, `fs`, `path`, and its own manifest.
- Writes are constrained to the supplied target with path-containment checks, conflict detection, backups, and rollback.
- Bundled payloads are text/JSON/DrawIO assets; no executables or binary loaders were found.
Behavioral surface
CryptoDynamicRequireFilesystem
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading sourcebin/wl-skills-design.jsView file
4L5: const crypto = require("node:crypto");
L6: const fs = require("node:fs");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/wl-skills-design.jsView on unpkg · L4Findings
1 Medium5 Low
MediumDynamic Requirebin/wl-skills-design.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License