@andy-toolforge/content-operations@1.0.0

Toolforge domain: content operations — research, plan, create, distribute, analyze

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package automatically installs agent skill files into a project-level .opencode/skills directory during npm postinstall. This is an unconsented lifecycle mutation of an AI-agent control surface.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
AI agent behavior can be extended or influenced in the consumer project without explicit user action
Mechanism
postinstall creates .opencode/skills and symlinks/copies package skill markdown
Policy narrative
On installation, npm runs skills/postinstall.js. The script uses process.cwd() as the consumer project root, creates .opencode/skills, and links or copies every package markdown skill into that directory. Although the skill content appears aligned with content operations and the library code is mostly prompt-based, the delivery mechanism automatically mutates a broad project AI-agent skill surface at lifecycle time.
Rationale
Source inspection confirms automatic lifecycle installation into .opencode/skills, which falls under unconsented AI-agent control-surface mutation. The absence of exfiltration or classic malware does not remove the blockable install-time agent hijack behavior.
Evidence
  • package.json
  • skills/postinstall.js
  • skills/trend-discovery.md
  • skills/blog-writing.md
  • lib/index.js
  • lib/researcher.js
  • .opencode/skills/content-operations-*.md
  • skills/*.md

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json runs postinstall: node skills/postinstall.js
  • skills/postinstall.js creates .opencode/skills under install cwd
  • postinstall symlinks or copies package .md skill files into that agent skill directory
  • Lifecycle mutation is automatic and unprompted during npm install
Evidence against
  • lib/index.js only exports content operation classes
  • lib/*.js primarily builds LLM prompts and validates inputs
  • No credential harvesting or environment scanning found
  • No hardcoded network endpoint; competitor URL fetch is user-supplied and runtime-only
Behavioral surface
Source
Filesystem
Supply chain
UrlStrings
Manifest
NoLicense
scanned 13 file(s), 73.8 KB of source, external domains: example.com

Source & flagged code

2 flagged

package.json
scripts.postinstall = node skills/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node skills/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High, 1 Medium, 4 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings
  • Low: No License