registry  /  @geoly-ai/social-hub-cli  /  0.2.3

@geoly-ai/social-hub-cli@0.2.3

social-hub CLI for Social Ops Hub

AI Security Review

scanned 1h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `social-hub skills install`/`update`, or supplies `--yes` for non-interactive execution.
Impact
Bundled Social Hub instructions can be placed in agent skill directories; existing unmanaged skill directories are protected unless `--force` is supplied.
Mechanism
Explicit AI-agent skill deployment with managed-directory replacement.
Rationale
Not malicious by source inspection, but it has a real explicit AI-agent control-surface write capability. Downgrade to warn under the firewall policy for user-command agent configuration mutation.
Evidence
package.jsonpostinstall-guard.cjsdist/postinstall.jsdist/register-skills.jsdist/skills/agent-targets.jsdist/skills/install-planner.jsdist/skills/installer.js~/.codex/skills~/.cursor/skills~/.claude/skills
Network endpoints3
redd.eclick-geo.com/apiregistry.npmjs.orgcodeload.github.com

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/skills/installer.js` copies or symlinks bundled skills into agent skill directories and removes managed target directories during update/remove.
  • `dist/skills/agent-targets.js` includes global and project paths for Codex, Cursor, Claude Code, and other agents.
  • `dist/register-skills.js` can auto-detect installed agents and install skills after an interactive confirmation or `--yes`.
Evidence against
  • `postinstall-guard.cjs` only loads `dist/postinstall.js`; it performs no agent-config or filesystem mutation.
  • `dist/postinstall.js` only prints an opt-outable installation hint and exits in CI.
  • `dist/skills/install-planner.js` skips unmanaged existing directories unless the user supplies `--force`.
  • No obfuscated payload, shell-eval path, credential harvesting, or install-time network call was found in inspected package code.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 55 file(s), 379 KB of source, external domains: codeload.github.com, example.com, github.com, hub.example, redd.eclick-geo.com, registry.npmjs.org, www.reddit.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall-guard.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
postinstall-guard.cjsView file
5try { L6: const fs = require("node:fs"); L7: const path = require("node:path");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

postinstall-guard.cjsView on unpkg · L5

Findings

1 High4 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirepostinstall-guard.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License