AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an explicit CLI that installs its own bundled skill directories into Claude, Codex, or project agent-skill locations. No automatic install-time mutation or confirmed exfiltration is established.
Static reason
No blocking static signals were detected.
Trigger
User runs `c9n skill install ...` or `c9n init` and confirms/uses `--yes`.
Impact
Installed skills may influence participating AI-agent workflows; mutation is user-invoked and scoped to C9N-owned skill directories.
Mechanism
Explicit first-party AI-agent skill installation and project bootstrap.
Rationale
No concrete malicious chain was found, but the package intentionally provisions first-party AI-agent extensions and can modify project setup when explicitly invoked. This fits a non-blocking lifecycle-risk warning under the stated policy.
Evidence
package.jsonbin/skill.jsbin/init.jsinstall.shskills/c9n-deliverables/scripts/data-dictionary.cjsskills$HOME/.claude/skills$HOME/.codex/skills.agents/skills.husky/commit-msg
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- Explicit `c9n skill install` copies bundled skills into agent skill directories.
- `bin/init.js` can offer project `.agents/skills` installation after user confirmation or `--yes`.
- Bundled `data-dictionary.cjs` reads DB env vars, but writes only requested schema documentation.
Evidence against
- `package.json` has no preinstall/install/postinstall hook; `prepare` is `husky || true`.
- Agent-directory writes occur only through explicit CLI commands, with prompts for update/uninstall.
- No source evidence of credential exfiltration, stealth persistence, remote payload loading, or destructive behavior.
- Shell and child-process calls run named local tools for user-requested CLI actions.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourceskills/c9n-deliverables/scripts/data-dictionary.cjsView file
6// Adjust the env var names below to match the target project's config.
L7: const mysql = require('mysql2/promise')
L8: const fs = require('fs')
Medium
Dynamic Require
Package source references dynamic require/import behavior.
skills/c9n-deliverables/scripts/data-dictionary.cjsView on unpkg · L6install.shView file
•path = install.sh
kind = build_helper
sizeBytes = 1533
magicHex = [redacted]
Medium
Findings
4 Medium5 Low
MediumDynamic Requireskills/c9n-deliverables/scripts/data-dictionary.cjs
MediumEnvironment Vars
MediumShips Build Helperinstall.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings