AI Security Review
scanned 1h ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk. No confirmed malicious install-time attack was found. The remaining risk is a first-party AI-agent skill setup path: postinstall advertises it, and an explicit installer can write package instructions into ~/.claude/skills.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/welcome.mjs || true
- scripts/welcome.mjs writes a version sentinel at node_modules/.shilp-sutra-welcomed
- scripts/welcome.mjs prints instructions to copy package skill into ~/.claude/skills/shilp-sutra
- skill/install.sh explicitly installs a first-party agent skill into $HOME/.claude/skills by default
- skill/install.sh fetches package-owned skill files from GitHub when the user runs it
- postinstall has CI, non-TTY, silent loglevel, dev-install, and opt-out guards
- postinstall only reads package.json and writes a local sentinel; it does not modify agent config
- No credential harvesting, broad filesystem scan, or exfiltration found in inspected lifecycle code
- Runtime dist/ui/index.js is a UI barrel with token-load warning only
- Network use is limited to explicit user-run skill/install.sh and package-aligned GitHub/themer URLs
- High-entropy blob is a normal .woff2 font asset
Source & flagged code
5 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- scripts/welcome.mjs (L4): Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- skill/install.sh: Package ships non-JavaScript build or shell helper files.
- fonts/Inter-Italic-Variable.woff2: Package ships high-entropy non-source blobs.