@devalok/shilp-sutra@0.44.0

Devalok Design System — accessible React components, OKLCH design tokens, and Tailwind 4 CSS-first setup. Ships with AI-agent setup recipes.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The install-time code is a guarded UX banner with a local sentinel write; the agent-skill installer is documented and user-invoked, not lifecycle-triggered.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; skill/install.sh only runs if a user explicitly executes it
Impact
Benign install notice; optional user-directed skill installation from the project GitHub repo
Mechanism
interactive welcome banner and optional agent-skill installer
Rationale
Static inspection shows the scanner's AI-agent-control concern comes from bundled documentation/skill files and an optional installer, while the actual lifecycle hook only prints a guarded banner and writes a local sentinel. No source evidence shows unconsented agent config mutation, credential access, exfiltration, persistence, or destructive behavior.
Evidence
package.json, scripts/welcome.mjs, skill/install.sh, dist/ui/index.js, AGENTS.md, node_modules/.shilp-sutra-welcomed, $INSTALL_DIR/shilp-sutra/*
Network endpoints (3)
  • api.github.com/repos/devalok-design/shilp-sutra/git/trees/$BRANCH?recursive=1
  • raw.githubusercontent.com/devalok-design/shilp-sutra/main/skills/shilp-sutra/install.sh
  • raw.githubusercontent.com/$REPO/$BRANCH/$path

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node scripts/welcome.mjs || true
  • scripts/welcome.mjs writes node_modules/.shilp-sutra-welcomed sentinel during interactive installs
  • skill/install.sh is a user-invoked helper that can fetch GitHub files and write an agent skill directory
Evidence against
  • scripts/welcome.mjs is a guarded welcome banner: skips CI/non-TTY/silent installs and has no network calls
  • postinstall writes only a package version sentinel under enclosing node_modules, not AI-agent config files
  • package.json agents field points to bundled ./skill metadata; no lifecycle auto-installs the skill
  • dist/ui/index.js only runs a browser token-CSS presence check and console.warn on import
  • rg found no credential harvesting, exfiltration, child_process, eval, or destructive behavior in lifecycle/runtime files
  • fonts/*.woff2 are expected design-system font assets, not executed code
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 181 file(s), 1.53 MB of source, external domains: cdn.jsdelivr.net, player.vimeo.com, prosemirror.net, radix-ui.com, shilp-sutra.devalok.in, www.figma.com, www.loom.com, www.npmjs.com, www.w3.org, www.youtube.com

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/welcome.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/welcome.mjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

scripts/welcome.mjs
L4: Install-time AI-agent control hijack evidence:
  L27:
  L28: import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
  L29: import { dirname, join, resolve } from 'node:path'
  ...
  L102: try {
  L103: mkdirSync(dirname(sentinel), { recursive: true })
  L104: writeFileSync(sentinel, version + '\n')
  L105: } catch {
  ...
  L186: lines.push(row(` ${colour('cp -r node_modules/@devalok/shilp-sutra/skill \\', DIM)}`))
  L187: lines.push(row(` ${colour('~/.claude/skills/shilp-sutra', DIM)}`))
  L188: lines.push(colour(EMPTY, PINK_DIM))
  ...
  L209: ` ${colour('▸', PINK)} Theme: ${colour('https://shilp-sutra.devalok.in/themer', DIM)}`,
  L210: ` ${colour('▸', PINK)} AI: ${colour('cp -r node_modules/@devalok/shilp-sutra/skill ~/.claude/skills/shilp-sutra', DIM)}`,
Payload evidence from skill/SKILL.md:
  L4: license: MIT
  L5: metadata:
  L6: version: "0.44.0"
  L7: author: Devalok Design & Strategy Studios
  L8: homepage: https://github.com/devalok-design/shilp-sutra
  L9: npm: https://www.npmjs.com/package/@devalok/shilp-sutra
  ...
  L19: - The user mentions `shilp-sutra`, `@devalok`, Devalok, or Devalok's design system.
  L20: - The project's `package.json` lists `@devalok/shilp-sutra` or `@dev…
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/welcome.mjs · L4
skill/install.sh
path = skill/install.sh kind = build_helper sizeBytes = 1903 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

fonts/Inter-Italic-Variable.woff2
path = fonts/Inter-Italic-Variable.woff2 kind = high_entropy_blob sizeBytes = 387976 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.


Findings

1 Critical · 2 High · 4 Medium · 4 Low
  • Critical: Ai Agent Control Hijack (scripts/welcome.mjs)
  • High: Install Time Lifecycle Scripts (package.json)
  • High: Ships High Entropy Blob (fonts/Inter-Italic-Variable.woff2)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Medium: Ships Build Helper (skill/install.sh)
  • Medium: Structural Risk Force Deep Review
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings
  • Low: Url Strings