AI Security Review
scanned 3d ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. Global install mutates AI agent skill directories at lifecycle time. This changes Claude/Codex/OpenClaw control-surface content without a separate user command.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs calls syncBundledSkill() on global npm installs unless CLAWCLAW_SKIP_SKILL_SYNC=1
- scripts/sync-bundled-skill.mjs writes bundled skill via skills add <sourceDir> -y -g during postinstall
- syncBundledSkill targets agent skill locations including ~/.agents/skills/clawclaw, ~/.claude/skills/clawclaw, ~/.codex/skills/clawclaw, and OpenClaw skill dirs
- scripts/enable_ccl_permissions.cjs can add Bash(ccl *) and PowerShell(ccl *) to ~/.claude/settings.json when explicitly run
- No credential harvesting or hardcoded exfiltration endpoints found in inspected lifecycle code
- Network APIs in src/lib/game-client.ts and src/lib/http-transport.ts are aligned with the game CLI client
- enable_ccl_permissions.cjs is not invoked by package.json postinstall
- scripts/sync-bundled-skill.mjs backs up existing skill dirs before replacement
Source & flagged code
6 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (scripts/enable_ccl_permissions.cjs · L12)
- Package source references weak cryptographic algorithms. (src/runtime/owner-control.ts · L4)
- Package ships non-JavaScript build or shell helper files. (scripts/find-hide-spots.py)
- This package version adds a dangerous source file absent from the previous stored version. (src/commands/game.ts)