AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Automatic installation mutates broad AI-agent instruction and skill locations outside the package. It writes a Claude skill and, when Codex exists, appends or replaces a managed block in the user's global Codex instructions.
Decision evidence
public snapshot- `package.json` defines `postinstall: node bin/postinstall.mjs`.
- `bin/postinstall.mjs` copies bundled skills into `~/.claude/skills` during install.
- It conditionally rewrites `~/.codex/AGENTS.md` with a managed instruction block.
- The install hook is automatic by default; opt-out requires `MONTY_NO_SKILLS=1`.
- `bin/monty.mjs` also refreshes agent skills on every CLI invocation.
- `bin/postinstall.mjs` contains no network, credential collection, or shell execution.
- The dropped skill is a visible package-bundled Markdown instruction file.
- Runtime network calls in `bin/monty.mjs` are Monty platform/component operations, not used by postinstall.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source invokes a package manager install command at runtime.
bin/monty.mjsView on unpkg · L198Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1