@andy-toolforge/book-writing@1.0.0

Toolforge domain: Book writing engine — outline generation, chapter writing, consistency review, multi-format export

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates a project-level AI-agent skill surface by adding package-supplied instructions. This is unconsented control-surface modification during npm install, even though the instructions are package-aligned.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
Installs AI-agent instructions into the consumer project, altering future agent behavior without explicit user action.
Mechanism
lifecycle-created .opencode skill symlinks/copies
Policy narrative
On npm install, the postinstall script creates .opencode/skills in the consuming project and links or copies package markdown skill files there. Those files define agent-facing workflows and rules, so the package modifies a broad AI-agent control surface without an explicit CLI action or opt-in.
Rationale
The package has benign runtime book-writing code, but its install hook unconditionally writes package instructions into a project-level AI-agent skills directory. Under the install control-surface policy, unconsented lifecycle mutation of a foreign/broad agent surface is blockable.
Evidence
  • package.json
  • skills/postinstall.js
  • skills/book-writing-assistant.md
  • skills/book-summarizer.md
  • lib/writer.js
  • .opencode/skills/book-writing-book-writing-assistant.md
  • .opencode/skills/book-writing-book-summarizer.md

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json runs postinstall: node skills/postinstall.js
  • skills/postinstall.js creates .opencode/skills under process.cwd() at install time
  • postinstall symlinks or copies package markdown skill files into that agent skill directory without user opt-in
  • skills/*.md are AI-agent instructions for book writing/summarization
Evidence against
  • No credential harvesting, network calls, shell execution, or destructive filesystem behavior found
  • Runtime lib/writer.js is package-aligned book-writing functionality using caller-provided llmClient
Behavioral surface
Source
Filesystem
Supply chain: No supply-chain packaging signals triggered.
Manifest
No License
scanned 4 file(s), 21.6 KB of source

Source & flagged code

2 flagged
package.json
scripts.postinstall = node skills/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node skills/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json

Findings

1 High · 1 Medium · 3 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Low: Scripts Present
  • Low: Filesystem
  • Low: No License