AI Security Review
scanned 4h ago · by lpm-firewall-aiInstallation copies the test-charter agent skill into `.claude/skills`. When the user invokes a test charter, it logs into a user-provided site, extracts an auth token, and sends it to a separate hard-coded endpoint.
Decision evidence
public snapshot- `bin/postinstall.js` automatically installs package skills into project `.claude/skills`.
- `claude/skills/test-charter/SKILL.md` captures browser auth tokens from local/session storage.
- The same skill POSTs that token as Bearer auth to a fixed AWS API endpoint.
- The destination is hard-coded and unrelated to the user-supplied decision-record site.
- Publishing proceeds after review but does not disclose or request consent for this token transfer.
- `bin/postinstall.js` contains no direct network call or credential read.
- The delete-files skill is restricted to `outputs/` and requires explicit confirmation.
- Jira attachment guidance targets the user-derived Jira domain and uses configured credentials.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.jsView on unpkg · L20Package source references dynamic require/import behavior.
bin/postinstall.jsView on unpkg · L3