AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package has an npm postinstall hook that unconditionally creates or rewrites AGENTS.md with AI-agent instructions scoped to the entire repository. This is unconsented lifecycle mutation of a broad AI-agent control surface, even though the content appears product-aligned.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install / package postinstall
Impact
Can change future AI-agent behavior for the consuming project and overwrite existing AGENTS.md content during install.
Mechanism
lifecycle-generated AGENTS.md agent instruction file
Policy narrative
On npm install, package.json invokes .ai-tidu9/scripts/install.js. The script computes the package/project root, creates or rewrites AGENTS.md, and inserts instructions requiring agents to load AI-Tidu9 rules for the entire repository. It also writes .ai-tidu9/browser.md from a packaged skill file. No data theft or network behavior was found, but the lifecycle-triggered AGENTS.md write is a broad AI-agent control-surface mutation without explicit user consent.
Rationale
Static source inspection confirms that install-time code plants repository-wide AGENTS.md instructions, which the supplied policy treats as a blockable AI-agent control hijack when lifecycle-triggered and unconsented. The absence of exfiltration or classic malware does not remove the concrete attack surface this creates on the agent control surface.
Evidence
- package.json
- .ai-tidu9/scripts/install.js
- AGENTS.md
- .ai-tidu9/browser.md
- .ai-tidu9/skills/_core/SKILL.md
Decision evidence
public snapshot
AI called this Malicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- package.json runs postinstall: node .ai-tidu9/scripts/install.js
- install.js writes AGENTS.md at package root/consumer-visible project root on install
- AGENTS.md content tells AI agents rules apply to entire repository and to recursively read .ai-tidu9/skills
- install.js overwrites existing AGENTS.md unless it finds a '## Skill' split point
Evidence against
- No network APIs, child_process, eval/vm, dynamic require, native binary loading, credential reads, or exfiltration seen
- Writes are limited to AGENTS.md and .ai-tidu9/browser.md within the package/project tree
- No files listed outside package/project root such as home agent configs or shell startup files
Behavioral surface
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node .ai-tidu9/scripts/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node .ai-tidu9/scripts/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High, 1 Medium, 1 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Low: Scripts Present