Loading npm security reports…
own your agent skills — vet, sign, and pin every skill & MCP server before it runs. The supply-chain gate for AI agents. Part of Own Your Stack.
LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. An explicit user command can persist a truecopy-owned Claude Skill gate; its default command later uses an npx GitHub package reference.
Package text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgPackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkg