AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package automatically mutates the consuming project's Claude agent skill directory. It deletes any existing skill directory with the package-selected name and replaces it with package-controlled instructions.
Decision evidence
public snapshot- `package.json` runs `node postinstall.mjs` on install.
- `postinstall.mjs` resolves the consuming project root and targets `.claude/skills`.
- Lifecycle code forcibly removes and replaces `.claude/skills/evoke-astro-core`.
- It copies package-supplied agent instructions from `agents/claude` without user action.
- `postinstall.mjs` uses only local filesystem APIs; no network or shell execution.
- The dropped `SKILL.md` is package usage documentation, not credential or command-harvesting code.
- PDF viewer network-like findings are browser PDF-link handling and bundled PDF.js, not install-time behavior.
- No environment-variable harvesting, exfiltration, or remote payload loading found in inspected sources.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
src/components/PdfViewer/pdf.worker.min.mjsView on unpkg · L24Install-time source drops package-supplied AI-agent/MCP control files or instructions.
postinstall.mjsView on unpkg · L1