AI Security Review
scanned 1h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time script mutates a foreign AI-agent control surface by installing a Claude Code skill in the user's home directory. This gives the package persistent Claude skill instructions outside the package namespace without explicit user invocation.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/postinstall.cjs || true
- scripts/postinstall.cjs runs at install time and writes package skill to ~/.claude/skills/orch/SKILL.md
- skills/orch/SKILL.md registers a Claude Code skill with Bash/Write/Edit/Agent tools and instructs Claude to run orch commands
- scripts/postinstall.cjs also rewrites installed dependency files under node_modules/ink/build
- dist adapters invoke AI CLIs with permission bypass flags such as --dangerously-skip-permissions
- No credential harvesting or secret exfiltration found in inspected postinstall path
- Postinstall network activity not observed; GitHub URL is banner/repository text
- The planted skill is product-aligned for orch rather than a hidden unrelated payload
Source & flagged code
6 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package source references dynamic require/import behavior. (dist/chunk-6DWHQPTE.js · L9)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/postinstall.cjs · L1)
- Manifest entrypoint contains risky behavior absent from dist/build output. (scripts/postinstall.cjs · L13)
- Package ships non-JavaScript build or shell helper files. (scripts/release.sh)