AI Security Review
scanned 8h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit project-local AI-agent workflow installer. Its CLI can place skills and optional Claude hook executables in the current project, but no npm install-time execution or automatic settings mutation was confirmed.
Decision evidence
public snapshot- `src/commands/init.mjs` copies manifest-listed files into the invoking project.
- `agent-workflow-kit.package.json` includes `.agents/skills/*` and executable `.claude/hooks/*`.
- `src/commands/update.mjs` can update tracked extension files; it preserves user edits and prompts before deletions.
- `.claude/hooks/sync-board-status.py` invokes `gh` when manually wired into Claude settings.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `src/cli.mjs` activates writes only for explicit `init` or `update` commands.
- `src/cli.mjs` instructs the user to add the drift hook to settings manually; it does not edit settings.
- `src/lib/settings.mjs` only reads settings to avoid deleting referenced hooks.
- Inspected hook/template sources show local prompts, git/GitHub workflow helpers, and logs; no credential harvesting or exfiltration.
- No eval, dynamic payload loading, or direct network client was found in the inspected package control path.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.agents/skills/diagnose/scripts/hitl-loop.template.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.agents/skills/diagnose/scripts/hitl-loop.template.shView on unpkg