AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package has an npm postinstall hook that unconditionally installs package-supplied Claude skill files into the user's home directory. This is lifecycle-triggered mutation of a foreign AI-agent control surface.
Decision evidence
public snapshot- package.json defines postinstall: node ./skillit-postinstall.cjs
- skillit-postinstall.cjs runs at install time and copies packaged skills into os.homedir()/.claude/skills
- skills/lsproxy-cli/SKILL.md is package-supplied Claude skill content for invoking lsproxy commands
- skillit-postinstall.cjs mutates packaged .md files before copying them
- No credential harvesting or exfiltration endpoints found in inspected source
- dist/connect.js daemon behavior is user-invoked CLI/proxy functionality
- dist/session.js child_process spawn runs user-selected language server commands during CLI use
- Config adapter writes are exposed through explicit lsproxy config commands
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
skillit-postinstall.cjsView on unpkg · L26Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/connect.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
dist/connect.jsView on unpkg