AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates a project-level AI-agent skill surface by adding package-supplied instructions. This is unconsented control-surface modification during npm install, even though the instructions are package-aligned.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
Installs AI-agent instructions into the consumer project, altering future agent behavior without explicit user action.
Mechanism
lifecycle-created .opencode skill symlinks/copies
Policy narrative
On npm install, the postinstall script creates .opencode/skills in the consuming project and links or copies package markdown skill files there. Those files define agent-facing workflows and rules, so the package modifies a broad AI-agent control surface without an explicit CLI action or opt-in.
Rationale
The package has benign runtime book-writing code, but its install hook unconditionally writes package instructions into a project-level AI-agent skills directory. Under the install control-surface policy, unconsented lifecycle mutation of a foreign/broad agent surface is blockable.
Evidence
- package.json
- skills/postinstall.js
- skills/book-writing-assistant.md
- skills/book-summarizer.md
- lib/writer.js
- .opencode/skills/book-writing-book-writing-assistant.md
- .opencode/skills/book-writing-book-summarizer.md
Decision evidence
public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- package.json runs postinstall: node skills/postinstall.js
- skills/postinstall.js creates .opencode/skills under process.cwd() at install time
- postinstall symlinks or copies package markdown skill files into that agent skill directory without user opt-in
- skills/*.md are AI-agent instructions for book writing/summarization
Evidence against
- No credential harvesting, network calls, shell execution, or destructive filesystem behavior found
- Runtime lib/writer.js is package-aligned book-writing functionality using caller-provided llmClient
Behavioral surface
Filesystem
No License
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node skills/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node skills/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 1 Medium · 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Low: Scripts Present
- Low: Filesystem
- Low: No License