registry  /  @agile-team/wl-skills-design  /  0.7.1

@agile-team/wl-skills-design@0.7.1

产品设计 AI 技能包 — 9 条设计规范、8 个原生 Agent Skill、可验证路由与按编辑器安装

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the `wl-skills-design` CLI, especially `init` (default profile: `agents`).
Impact
Can influence configured AI coding agents in the target project through installed instruction files.
Mechanism
Explicit project-scoped AI-agent configuration deployment with backup and rollback.
Rationale
No concrete malicious chain is present, but the package has an explicit capability to alter AI-agent control surfaces in a target project. Per policy, explicit user-command agent configuration mutation is warn-worthy rather than a publish block.
Evidence
package.jsonbin/wl-skills-design.jsfiles/.github/skills/_compat/editors.jsonfiles/AGENTS.mdREADME.mdAGENTS.mdCLAUDE.md.github/copilot-instructions.md.cursor/rules/conventions.mdc.windsurf/rules/conventions.md.clinerules/conventions.md.kiro/steering/conventions.md.trae/rules/conventions.md.qoder/rules/conventions.md.wl-skills-design/state.json.wl-skills-design/backups/

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/wl-skills-design.js` explicitly copies bundled agent rules into a chosen target project.
  • Default `init` selects the `agents` profile and writes `AGENTS.md`.
  • `editors.json` maps explicit profiles to Copilot, Claude, Cursor, Windsurf, Cline, Kiro, Trae, and Qoder control files.
  • `package.json` has a guarded `prepare` hook that invokes Husky only inside a Git worktree when Husky exists.
Evidence against
  • No `preinstall`, `install`, or `postinstall` lifecycle hook is present.
  • No network, credential, environment-harvesting, shell-payload, eval, or dynamic remote-load code was found.
  • The CLI is a user-invoked bin; imports only Node `crypto`, `fs`, `path`, and its own manifest.
  • Writes are constrained to the supplied target with path-containment checks, conflict detection, backups, and rollback.
  • Bundled payloads are text/JSON/DrawIO assets; no executables or binary loaders were found.
Behavioral surface
Source
CryptoDynamicRequireFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 1 file(s), 18.9 KB of source

Source & flagged code

1 flagged · loading source
bin/wl-skills-design.jsView file
4L5: const crypto = require("node:crypto"); L6: const fs = require("node:fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/wl-skills-design.jsView on unpkg · L4

Findings

1 Medium5 Low
MediumDynamic Requirebin/wl-skills-design.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License