AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs harpua-skills or opts a consuming project into a prepare script that runs it
Impact
Adds @harpua skill directories to .claude/skills and .agents/skills for agent discovery
Mechanism
agent skill symlink setup
Rationale
Source inspection shows a package-aligned NestJS/LangGraph library with a CLI for explicit first-party agent skill setup, not install-time foreign control-surface hijacking. Because it can write agent skill symlinks when invoked or opt-in scripted, downgrade to warn rather than block.
Evidence
package.jsondist/cli/harpua-skills.jsdist/checkpointer.jsdist/optional-require.jsREADME.mdskills/graph-operations/SKILL.md.claude/skills/<skill>.agents/skills/<skill>
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- dist/cli/harpua-skills.js links discovered @harpua skills into .claude/skills and .agents/skills
- README.md recommends wiring harpua-skills as a prepare script in the consuming project
Evidence against
- package.json has no npm lifecycle scripts; bin is user-invoked unless consumer opts in
- dist/cli/harpua-skills.js validates skill names as one safe path segment and does not clobber real files
- dist/cli/harpua-skills.js only scans node_modules/@harpua/*/skills/*/SKILL.md and creates symlinks
- dist/checkpointer.js dynamic require is optional peer loading for LangGraph checkpoint backends
- No credential harvesting, shell execution, destructive behavior, or package network exfiltration found
Behavioral surface
CryptoDynamicRequireFilesystem
Source & flagged code
1 flagged · loading sourcedist/checkpointer.jsView file
10exports.buildCheckpointer = buildCheckpointer;
L11: const common_1 = require("@nestjs/common");
L12: const langgraph_1 = require("@langchain/langgraph");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/checkpointer.jsView on unpkg · L10Findings
1 Medium2 Low
MediumDynamic Requiredist/checkpointer.js
LowScripts Present
LowFilesystem