AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The local UI offers a user-invoked skill installer. It fetches a GitHub skills catalog and writes selected skill files under the package-owned EvoScientist configuration area.
Decision evidence
public snapshot- `/api/skills/install` downloads GitHub catalog files into `~/.evoscientist/skills/<name>`.
- Skill installation is reachable at runtime through the local UI, not an npm lifecycle hook.
- The installer validates skill names and resolved paths, but installs remote agent-extension content.
- `package.json` has no `preinstall`, `install`, or `postinstall` script.
- `bin/evoscientist-webui.mjs` only starts `dist/server.js`, polls localhost, and opens that URL.
- Skill-install POST requests reject cross-origin `Origin` values.
- The flagged `icon.png.body` is a valid 64×64 PNG.
- No dynamic `eval`, `Function`, or VM execution was found in package-owned runtime chunks.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
bin/evoscientist-webui.mjsView on unpkg · L1Manifest entrypoint contains risky behavior absent from dist/build output.
bin/evoscientist-webui.mjsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/evoscientist-webui.mjsView on unpkg · L41Package ships high-entropy non-source blobs.
dist/.next/server/app/icon.png.bodyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
dist/.next/server/app/icon.png.bodyView on unpkg