AI Security Review
scanned 8h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates the consuming project's AI-agent instruction surface. It drops managed skills and injects persistent rules into the project-root `AGENTS.md` without an explicit user command.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/install-skill.mjs` writes consumer `.local/skills` files.
- It creates, appends to, or replaces sections in consumer `AGENTS.md`.
- Injected `skill/AGENTS.snippet.md` directs future agents and restricts auth changes.
- No consent prompt; target is `INIT_CWD` or current directory.
- No child-process, shell, eval, or dynamic-code execution found.
- Runtime fetches implement configured OIDC discovery/token flows.
- No credential harvesting or exfiltration path found.
- Postinstall has an environment-variable opt-out and error handling.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.mjsView on unpkg · L2Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/probe.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
dist/probe.jsView on unpkg