registry  /  @barlevalon/skills  /  1.1.0

@barlevalon/skills@1.1.0

Bootstrap Alon's agentic environment with maintained local skills and upstream workflow skills.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the `skills` CLI, particularly its default bootstrap or selected agent installation.
Impact
A user-approved command can alter agent-visible instructions and install externally fetched workflow skills.
Mechanism
Explicit agent-skill provisioning and managed instruction-file updates.
Rationale
No concrete malicious chain or unconsented install-time mutation is present. Warn because the CLI intentionally provisions broad agent instruction and skill surfaces, including external GitHub content, when invoked.
Evidence
package.jsonbin/skills.mjslib/install-policy.mjscatalog/sources.jsonAGENTS.md.github/copilot-instructions.md.agents/skills/*.claude/skills/*~/.agents/skills/*~/.claude/skills/*
Network endpoints1
github.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/skills.mjs` default bootstrap clones external GitHub skill sources.
  • `bin/skills.mjs` writes project/global `.agents/skills` and `.claude/skills`.
  • `bin/skills.mjs` updates `AGENTS.md` and `.github/copilot-instructions.md` after confirmation.
  • `bin/skills.mjs` invokes `pi install` only for an explicit `--agent pi` selection.
Evidence against
  • `package.json` defines no preinstall/install/postinstall lifecycle hook.
  • Only executable is the user-invoked `bin/skills.mjs` CLI.
  • No credential harvesting, exfiltration, eval, dynamic code loading, or hidden binary found.
  • External source copies reject symlinks and protect unmanaged target directories unless `--force` is supplied.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 47.4 KB of source, external domains: github.com

Source & flagged code

1 flagged · loading source
catalog/skills/diagnosing-bugs/scripts/hitl-loop.template.shView file
path = catalog/skills/diagnosing-bugs/scripts/hitl-loop.template.sh kind = build_helper sizeBytes = 1164 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

catalog/skills/diagnosing-bugs/scripts/hitl-loop.template.shView on unpkg

Findings

3 Medium4 Low
MediumEnvironment Vars
MediumShips Build Helpercatalog/skills/diagnosing-bugs/scripts/hitl-loop.template.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings