AI Security Review
scanned 6h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates an AI-agent skill control surface at install time. The planted files are package-aligned content-operation skills, but delivery is automatic via the npm lifecycle into the consumer project.
Decision evidence
Public snapshot
- package.json runs postinstall: node skills/postinstall.js
- skills/postinstall.js uses process.cwd() and creates .opencode/skills during npm install
- postinstall links or copies all package skill .md files into that agent skill directory
- Dropped skills contain package-supplied OpenCode-style skill frontmatter and instructions
- No child_process, eval/vm/Function, native binary loading, or credential harvesting found
- No exfiltration endpoint found; runtime network is limited to user-supplied browserManager URL and LLMClient calls
- lib/index.js only exports content operation classes
- mcp-tools.js registers a package-aligned content research tool; its require() calls occur only inside the tool handler
Source & flagged code
3 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (skills/postinstall.js, line 5)