AI Security Review
scanned 10h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installation mutates a consumer project's root AI-agent instruction files without an explicit user command. This establishes package-controlled instructions for future Codex and Claude sessions.
Decision evidence
public snapshot- `package.json` runs `node ./bin/init.js postinstall` during installation.
- `bin/init.js` resolves the consumer root from `INIT_CWD` and copies files there.
- Postinstall copies `templates/AGENTS.md` to `AGENTS.md` and `templates/CLAUDE.md` to `CLAUDE.md`.
- The dropped files direct Codex/Claude to follow package-supplied AI instructions and read package-controlled guidance.
- Installer skips when no consumer `package.json` exists or when installing the package itself.
- Existing destination files are not overwritten without `--force`.
- Inspected runtime entrypoint and installer show no network, credential harvesting, or shell execution.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/init.jsView on unpkg · L1Package source references dynamic require/import behavior.
bin/init.jsView on unpkg · L44