AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installation unconditionally mutates multiple third-party global AI-agent skill control surfaces. It also downloads and installs a platform binary from the package's GitHub Releases.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` automatically on installation.
- `scripts/postinstall.js` creates and writes a package-supplied `SKILL.md` into five global AI-agent directories, including `~/.codex` and `~/.claude`.
- The lifecycle writer is unconditional on supported platforms and creates missing agent directories recursively.
- `scripts/installer.js` also downloads a release archive during postinstall, extracts it, and installs `bin/specsync` for later execution.
- No credential, environment-variable, or local-file harvesting appears in the inspected JavaScript.
- No source evidence of data exfiltration, destructive commands, eval, or shell-string execution.
- The downloaded archive is SHA-256 checked against a release-provided checksum before extraction.
- The bundled skill describes the package CLI and includes safety guidance; no prompt-injection instructions were found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/postinstall.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/cli.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
bin/cli.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/installer.jsView on unpkg