AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. npm postinstall automatically installs package-owned Claude Code skill files into the user profile. This changes the local agent-extension surface without an explicit setup command.
Decision evidence
public snapshot- package.json runs bin/install.mjs via postinstall.
- bin/install.mjs writes automatically to ~/.claude/skills/.
- Installer deploys two package-supplied Claude skills, including companion skill-hardener.
- Installer overwrites named files when destination directories already exist.
- bin/install.mjs uses only local fs/path/os APIs; no network client or subprocess execution.
- Writes are confined to package-named ~/.claude/skills/model-effort-router and skill-hardener paths.
- README.md hook and CLAUDE.md mutations are documented manual steps, not installer behavior.
- Inspected skills contain routing/hardening guidance, not credential harvesting or prompt-override instructions.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/install.mjsView on unpkg · L1