registry  /  @clipboard-health/ai-rules  /  2.30.0

@clipboard-health/ai-rules@2.30.0

Pre-built AI agent rules for consistent coding standards.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User adds the documented sync-ai-rules/postinstall script or manually runs scripts/sync.js; later Claude SessionStart runs .claude/setup.sh.
Impact
Creates or updates project agent rule files and a Claude SessionStart hook; setup.sh may install nvm and run npm ci for the project.
Mechanism
explicit user-command AI-agent config mutation and dependency bootstrap
Rationale
Source inspection shows documented, user-invoked AI-agent setup with broad project file writes and a Claude hook, so it merits warning under the agent control-surface policy. There is no hidden package lifecycle hook, credential exfiltration, destructive behavior, or remote payload execution sufficient to block publishing.
Evidence
package.jsonREADME.mdscripts/sync.jsscripts/setup.shscripts/execAndLog.jsskills/frontend-ui-verification/scripts/inspect-ui-verification-surface.shskills/cognito-user-analysis/scripts/check-prerequisites.sh.rules/.agents/AGENTS.mdCLAUDE.md.claude/setup.sh.claude/settings.json$CLAUDE_ENV_FILE$HOME/.cache/agent-deps
Network endpoints2
raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.shapi.clipboard.health/api/user/agentSearch

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • README.md instructs consumers to add a postinstall script invoking scripts/sync.js.
  • scripts/sync.js writes .rules/, .agents/, AGENTS.md, CLAUDE.md, .claude/setup.sh, and .claude/settings.json.
  • scripts/sync.js adds a Claude SessionStart hook for "$CLAUDE_PROJECT_DIR"/.claude/setup.sh.
  • scripts/setup.sh can install nvm via curl|bash and run npm ci when the Claude hook/direct setup runs.
Evidence against
  • package.json itself has no preinstall/install/postinstall lifecycle hook, bin, main, dependencies, or runtime entrypoint.
  • The sync behavior is documented in README.md and requires an explicit consumer script or direct node invocation.
  • scripts/sync.js removes only its known Claude hook commands and preserves unrelated settings entries.
  • No credential harvesting or exfiltration path found; NPM_TOKEN/1Password handling is used only to run npm commands.
  • Network use found is package-aligned setup/tooling, not remote payload execution beyond documented nvm installer.
Behavioral surface
Source
ChildProcessFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 20.7 KB of source

Source & flagged code

1 flagged · loading source
scripts/setup.shView file
path = scripts/setup.sh kind = build_helper sizeBytes = 7027 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/setup.shView on unpkg

Findings

2 Medium3 Low
MediumShips Build Helperscripts/setup.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings