registry  /  @codepassion/skills  /  1.7.0

@codepassion/skills@1.7.0

Agent skills (SKILL.md) for CodePassion (C9N) engineering conventions, plus the c9n CLI for skill installs and tag-based deploys.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an explicit CLI that installs its own bundled skill directories into Claude, Codex, or project agent-skill locations. No automatic install-time mutation or confirmed exfiltration is established.

Static reason
No blocking static signals were detected.
Trigger
User runs `c9n skill install ...` or `c9n init` and confirms/uses `--yes`.
Impact
Installed skills may influence participating AI-agent workflows; mutation is user-invoked and scoped to C9N-owned skill directories.
Mechanism
Explicit first-party AI-agent skill installation and project bootstrap.
Rationale
No concrete malicious chain was found, but the package intentionally provisions first-party AI-agent extensions and can modify project setup when explicitly invoked. This fits a non-blocking lifecycle-risk warning under the stated policy.
Evidence
package.jsonbin/skill.jsbin/init.jsinstall.shskills/c9n-deliverables/scripts/data-dictionary.cjsskills$HOME/.claude/skills$HOME/.codex/skills.agents/skills.husky/commit-msg

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • Explicit `c9n skill install` copies bundled skills into agent skill directories.
  • `bin/init.js` can offer project `.agents/skills` installation after user confirmation or `--yes`.
  • Bundled `data-dictionary.cjs` reads DB env vars, but writes only requested schema documentation.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook; `prepare` is `husky || true`.
  • Agent-directory writes occur only through explicit CLI commands, with prompts for update/uninstall.
  • No source evidence of credential exfiltration, stealth persistence, remote payload loading, or destructive behavior.
  • Shell and child-process calls run named local tools for user-requested CLI actions.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 57.6 KB of source, external domains: cdn.jsdelivr.net, codepassion.atlassian.net, example.com, github.com

Source & flagged code

2 flagged · loading source
skills/c9n-deliverables/scripts/data-dictionary.cjsView file
6// Adjust the env var names below to match the target project's config. L7: const mysql = require('mysql2/promise') L8: const fs = require('fs')
Medium
Dynamic Require

Package source references dynamic require/import behavior.

skills/c9n-deliverables/scripts/data-dictionary.cjsView on unpkg · L6
install.shView file
path = install.sh kind = build_helper sizeBytes = 1533 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

install.shView on unpkg

Findings

4 Medium5 Low
MediumDynamic Requireskills/c9n-deliverables/scripts/data-dictionary.cjs
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings