AI Security Review
scanned 2h ago · by lpm-firewall-ai

The confirmed issue is lifecycle-time shell startup file mutation for tab completion. This is persistent shell rc modification, but the installed snippet is package-aligned completion code and no install-time exfiltration or foreign AI-agent hijack was found.
Decision evidence
public snapshot
- package.json runs scripts/postinstall.js and scripts/preuninstall.js as npm lifecycle hooks.
- scripts/postinstall.js silently appends an arbi completion function to ~/.zshrc or ~/.bashrc at install time.
- dist/index.js has user-invoked update paths that run npm view/npm install -g @arbidocs/cli@latest.
- dist/index.js can write ARBI skill content to ~/.claude/commands/arbi/SKILL.md, but only through agent setup/listen commands.
- No install-time credential harvesting, network call, remote code fetch, or AI-agent control-surface write found in lifecycle scripts.
- Shell completion invokes arbi --get-completions, which reads local completion cache rather than exfiltrating data.
- Agent/Claude skill installation is runtime user-invoked, documented in SKILL.md, and package-aligned.
- Network behavior is CLI-aligned: configured ARBI baseUrl plus https://central.arbi.work for deployment lookup.
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/index.js)
- Package source invokes a package manager install command at runtime. (dist/index.js · L3753)
- Source writes installer persistence such as shell profile or service configuration. (dist/index.js · L10)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (scripts/bench-upload.mjs · L23)