registry  /  @andy-toolforge/coding-support  /  1.0.0

@andy-toolforge/coding-support@1.0.0

Toolforge domain: Code analysis tools — line counting, dead code detection, dependency graphs, complexity reports

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time script mutates a project-level AI agent skill directory. It plants package-provided instructions into .opencode/skills without user invocation beyond npm install.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install / postinstall lifecycle
Impact
AI agent control-surface mutation in the consuming project
Mechanism
unconsented lifecycle creation of OpenCode skill links/copies
Policy narrative
On install, npm runs skills/postinstall.js. The script resolves the consumer project as process.cwd(), creates .opencode/skills, then symlinks or copies package-supplied Markdown skill instructions into that AI agent control surface. There is no prompt, environment gate, existing-install check, or explicit CLI opt-in.
Rationale
The runtime library is benign local code analysis, but the lifecycle hook unconditionally plants agent instructions into a project-level .opencode skill surface. Under the install control-surface policy, unconsented lifecycle mutation of a broad/foreign AI-agent control surface is blockable even if the content is package-aligned.
Evidence
package.jsonskills/postinstall.jsskills/coding-code-reviewer.mdskills/coding-refactoring-advisor.mdlib/index.jslib/codebase-analyzer.js.opencode/skills/coding-support-coding-code-reviewer.md.opencode/skills/coding-support-coding-refactoring-advisor.md

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json runs postinstall: node skills/postinstall.js
  • skills/postinstall.js uses process.cwd() and creates .opencode/skills during install
  • postinstall symlinks or copies package Markdown skill files into the consumer project's .opencode/skills agent surface without an opt-in guard
Evidence against
  • lib/index.js only exports CodebaseAnalyzer
  • lib/codebase-analyzer.js performs local static analysis with fs/path and fast-glob
  • No network, child_process, eval, credential harvesting, or destructive file operations found
Behavioral surface
Source
ChildProcessFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 4 file(s), 26.8 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node skills/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node skills/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License