registry  /  @ninjamin/promper  /  0.3.0

@ninjamin/promper@0.3.0

Prompt-engineering toolkit for Claude Code. /promper engineers role-grounded prompts (role inherited from the routed specialist agent); /prim certifies your agents against the prompt-engineering standard.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `promper`/`npx promper`, or installs/enables the included Claude plugin hooks.
Impact
Can alter Claude Code behavior and add an external marketplace, but only through user-invoked setup or plugin activation.
Mechanism
Explicit AI-agent skill installation, marketplace bootstrap, and hook-based prompt/edit control.
Rationale
This is not malicious under the install-time blocking boundary because there are no lifecycle scripts or unconsented npm-install mutations. It warrants a warning because explicit setup changes AI-agent configuration and bootstraps an external marketplace.
Evidence
package.jsonbin/promper.mjshooks/hooks.jsonhooks/contract-gate.mjshooks/enrich-spawn.mjshooks/gate-prompt.mjs~/.claude/skills/promper~/.claude/skills/promper-setup~/.claude/skills/prim~/.claude/skills/breakdown~/.claude/plugins/marketplaces/claude-code-workflows~/.invoker/state/promper-decision-<session_id>.json

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/promper.mjs` default command copies four skills into `~/.claude/skills`.
  • The same default flow runs `claude plugin marketplace add wshobson/agents` when its marketplace cache is absent.
  • `hooks/hooks.json` defines Claude session, prompt, subagent-spawn, and edit-gating hooks.
  • `hooks/contract-gate.mjs` can deny in-repo edit tools until a routing-state file exists.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle hook.
  • Agent configuration mutation requires an explicit `promper`/`npx promper` invocation.
  • Reviewed code has no credential harvesting, HTTP client, payload download, eval, or shell interpolation.
  • Child-process use is limited to fixed `claude` marketplace and `git rev-parse` commands.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 21 file(s), 486 KB of source

Source & flagged code

1 flagged · loading source
hooks/gate-prompt.mjsView file
55try { L56: ({ countPriorUserTurns, classifyGate } = await import(join(HOOK_DIR, "..", "dist", "gate.js"))); L57: } catch {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

hooks/gate-prompt.mjsView on unpkg · L55

Findings

2 Medium3 Low
MediumDynamic Requirehooks/gate-prompt.mjs
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings