AI Security Review
scanned 1d ago · by lpm-firewall-ai
The package is a Drawcall Market CLI that can install marketplace assets into a project. The unresolved risk is that asset metadata can cause a user-invoked install to run npx skills add -y for declared skill dependencies, mutating agent skill surfaces non-interactively.
Decision evidence
public snapshot
- dist/install.js installs declared skillDependencies by running execFile('npx', ['--yes','skills','add', source, '-y']).
- dist/install.js downloads asset zip content from the Market API and writes normalized files into the caller project, then may merge dependencies into project package.json and run package manager install.
- skills/market/SKILL.md documents that installed assets may declare skill dependencies installed via skills add during market install.
- dist/commands/preview.js fetches dynamic asset.previewUrl and writes the bytes to a user-selected output path.
- package.json has no npm lifecycle scripts; install behavior is exposed through the user-invoked market CLI, not postinstall/import-time execution.
- dist/install.js rejects unsafe zip paths containing .. or absolute paths before writing downloaded asset files.
- dist/config.js stores only its own authToken/baseUrl under drawcall-market config with restrictive chmod; no broad credential harvesting was found.
- Network hosts are package-aligned Drawcall endpoints or user/API-supplied asset preview URLs.
- No obfuscated payload, eval/vm/Function, shell startup persistence, VCS hook writes, or AI-agent config file rewrites were found in inspected source.
Source & flagged code
3 flagged
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/install.js: Package source invokes a package manager install command at runtime.
dist/install.js · L327