AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates broad, foreign AI-agent control surfaces under the user's home directory. It creates global skill directories and drops package-supplied instructions without user invocation.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/postinstall.js` creates five global AI-agent skill directories.
- The postinstall writes package-controlled `SKILL.md` into Claude, Codex, OpenCode, Copilot, and `.agents`.
- Writes occur even when those agent directories did not previously exist.
- Postinstall downloads, extracts, chmods, and installs a native executable.
- Downloaded release asset is SHA-256 checked against a paired checksum file.
- Network URL is package-aligned GitHub Releases.
- No source evidence of credential harvesting or data exfiltration.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/cli.jsView on unpkg