AI Security Review
scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The install-time code is a guarded UX banner with a local sentinel write; the agent-skill installer is documented and user-invoked, not lifecycle-triggered.
Decision evidence (public snapshot)
- package.json defines postinstall: node scripts/welcome.mjs || true
- scripts/welcome.mjs writes node_modules/.shilp-sutra-welcomed sentinel during interactive installs
- skill/install.sh is a user-invoked helper that can fetch GitHub files and write an agent skill directory
- scripts/welcome.mjs is a guarded welcome banner: skips CI/non-TTY/silent installs and has no network calls
- postinstall writes only a package version sentinel under enclosing node_modules, not AI-agent config files
- package.json agents field points to bundled ./skill metadata; no lifecycle auto-installs the skill
- dist/ui/index.js only runs a browser token-CSS presence check and console.warn on import
- rg found no credential harvesting, exfiltration, child_process, eval, or destructive behavior in lifecycle/runtime files
- fonts/*.woff2 are expected design-system font assets, not executed code
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/welcome.mjs, line 4)
- Package ships non-JavaScript build or shell helper files. (skill/install.sh)
- Package ships high-entropy non-source blobs. (fonts/Inter-Italic-Variable.woff2)