AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates AI-agent skill/control surfaces by globally installing a bundled OpenKnowledge discovery skill into detected agent hosts. This happens from npm postinstall without an explicit user CLI action.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/postinstall.mjs.
- scripts/postinstall.mjs imports dist/index.mjs and calls installUserSkill during install.
- dist/dist-5JkJUoWe.mjs installUserSkill spawns npx -y skills@~1.5.0 add <bundled discovery skill> --agent * -g -y --copy.
- dist/dist-5JkJUoWe.mjs removes legacy user skill with npx skills@~1.5.0 remove --agent * -g open-knowledge.
- dist/dist-5JkJUoWe.mjs records install events under $HOME/.ok/skill-install-events.jsonl and writes skill-state.
- dist/write-project-skill-Ba_TWxCT.mjs defines agent config/skill paths for .claude, .cursor, .codex, and opencode.
- No credential harvesting or exfiltration observed in the inspected install path.
- GitHub OAuth, OPENAI key, and MCP/network features appear aligned with the CLI's knowledge-base functionality.
- Native binaries are declared as native-config parse/edit helpers in dist/native/package.json.
- Large bundled assets include app/public assets and bundled skills, not standalone staged payloads.
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/lib-CItGM3rN.mjsView on unpkg · L39Package source references child process execution.
scripts/probe-exec.tsView on unpkg · L59Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/chunk-XORM457F-BuPOSqOe.mjsView on unpkg · L116Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/js-exec-M6UR76J5-Cu6NIWHE.mjsView on unpkg · L28A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/server-lock-CN2YHwpP-DiysUpvV.mjsView on unpkgPackage ships native binary artifacts.
dist/native/native-config.linux-arm64-musl.nodeView on unpkgPackage ships high-entropy non-source blobs.
dist/public/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dist-CXugONRr.mjsView on unpkg