
@skills-house/create@0.1.2

Scaffold a skills-house project — npx @skills-house/create my-app

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM classifies this as a warn-only, first-party agent-extension lifecycle risk. No confirmed malicious attack surface was found. The notable risk is explicit, user-commanded installation and removal of first-party agent skills into common agent skill directories.

Static reason
No blocking static signals were detected; the diff against the previous stored version (0.1.1) added a source file flagged as dangerous.
Trigger
The user runs the create bin, then the generated project's pnpm dev, install:skills or remove:skills scripts, or install-skills add.
Impact
When invoked, can place or remove selected skill directories under user-level or project-level agent skill paths.
Mechanism
Scaffolds a project and ships explicit agent-skill install/remove helpers.
Rationale
Source inspection shows a scaffolding CLI consistent with the package's stated purpose, with no lifecycle hooks or stealth behavior, but it ships explicit helpers that can install first-party skills into several AI-agent skill directories. Per policy this is a warning-level agent extension lifecycle risk, not a publish-blocking malicious package.
Evidence
  • package.json
  • dist/cli.js
  • dist/chunk-RTBK52ND.js
  • templates/default/package.json
  • templates/default/internal-scripts/install/dist/cli.js
  • templates/default/internal-scripts/install/install-skills.sh
  • templates/default/internal-scripts/install/remove-skills.sh
  • templates/default/internal-scripts/install/lib/agent-targets.sh
  • target project directory
  • target project/node_modules
  • $HOME/.agents/skills
  • $HOME/.codex/skills
  • $HOME/.cursor/skills
  • $HOME/.claude/skills
  • <repo>/.agents/skills
  • <repo>/.cursor/skills
  • <repo>/.claude/skills
Network endpoints (3)
  • al4f.dev
  • github.com/al4f/skills-house
  • agentskills.io

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • templates/default/internal-scripts/install/install-skills.sh writes skills into the $HOME/.agents, .codex, .cursor and .claude skill directories when explicitly run.
  • templates/default/internal-scripts/install/remove-skills.sh removes matching installed skill directories with rm -rf when explicitly run.
  • templates/default/internal-scripts/install/dist/cli.js fetches @skills-house/skill-<name> with npm pack when install-skills add is run explicitly.
Evidence against
  • package.json has no preinstall, install or postinstall lifecycle scripts.
  • dist/cli.js runs only as the create bin: it scaffolds templates and optionally runs pnpm install in the target project.
  • No credential harvesting, hidden exfiltration, eval/vm use, or remote code execution path was found.
  • Agent skill writes happen in generated project scripts and explicit commands, not as unconsented mutation at package install time.
  • Network strings are documentation and repository URLs plus npm pack for package-aligned skill installation.
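Added example (not part of @skills-house/create or the scripts it generates): a POSIX sh inventory and removal guard over the seven skill roots the scan lists. Snapshot the inventory before and after running the generated install:skills command and diff the two listings to see exactly what was written; route any removal through the guard so an rm -rf can only reach a direct child of a known skill root. The function names, the snapshot workflow and the "direct child of a known root" rule are this example's own, not the package's.

```shell
#!/bin/sh
# Added example, not code from @skills-house/create or its generated project.
# The seven roots below are the write targets named in the scan's evidence;
# everything else here (function names, workflow, the removal rule) is mine.

# Print the candidate agent skill roots for a home directory ($1) and a
# repository root ($2), one per line.
agent_skill_roots() {
  printf '%s\n' \
    "$1/.agents/skills" "$1/.codex/skills" \
    "$1/.cursor/skills" "$1/.claude/skills" \
    "$2/.agents/skills" "$2/.cursor/skills" "$2/.claude/skills"
}

# Emit "root<TAB>skill" for every skill directory that exists under a known
# root. Run before and after `pnpm install:skills`, save both, and diff them.
inventory_agent_skills() {
  agent_skill_roots "$1" "$2" | while IFS= read -r root; do
    [ -d "$root" ] || continue
    for skill in "$root"/*/; do
      [ -d "$skill" ] || continue   # no match leaves the literal glob behind
      printf '%s\t%s\n' "$root" "$(basename "$skill")"
    done
  done
}

# Succeed only if $3 is an existing directory whose physical parent is one of
# the known skill roots. cd -P resolves symlinks, so a root itself, a nested
# path, or a symlink that points outside the roots is refused.
is_removable_skill_dir() {
  target=$3
  [ -d "$target" ] || return 1
  parent=$(cd -P -- "$target/.." 2>/dev/null && pwd -P) || return 1
  ok=1
  old_ifs=$IFS; IFS='
'
  for root in $(agent_skill_roots "$1" "$2"); do
    [ -d "$root" ] || continue
    [ "$(cd -P -- "$root" && pwd -P)" = "$parent" ] && ok=0
  done
  IFS=$old_ifs
  return $ok
}

# rm -rf guarded by the check above. The generated remove:skills helper runs
# rm -rf on matching directories; never hand such a helper an unchecked path.
remove_skill_dir() {
  if is_removable_skill_dir "$1" "$2" "$3"; then
    rm -rf -- "$3"
  else
    printf 'refusing to remove %s: not a direct child of a known agent skill root\n' "$3" >&2
    return 1
  fi
}

# Usage (real paths): inventory_agent_skills "$HOME" "$(git rev-parse --show-toplevel)"
```

The guard compares physical paths on both sides (`cd -P`, `pwd -P`), so a skill entry that is a symlink to somewhere outside the roots, or a root directory handed in by mistake, is refused before `rm -rf` ever runs. POSIX sh has no `local`, so the helper variables are global; call these from a script rather than an interactive shell where that matters.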
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Shell
Supply chain: UrlStrings
Manifest: No manifest risk signals triggered.
scanned 13 file(s), 28.9 KB of source, external domains: al4f.dev, github.com

Source & flagged code

2 flagged
templates/default/internal-scripts/install/install-skills.sh
path = templates/default/internal-scripts/install/install-skills.sh kind = build_helper sizeBytes = 3177 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

templates/default/internal-scripts/install/dist/cli.js
matchType = previous_version_dangerous_delta matchedPackage = @skills-house/create@0.1.1 matchedIdentity = npm:QHNraWxscy1ob3VzZS9jcmVhdGU:0.1.1 similarity = 0.769 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.


Findings

1 High, 2 Medium, 2 Low
  • High: Previous Version Dangerous Delta (templates/default/internal-scripts/install/dist/cli.js)
  • Medium: Environment Vars
  • Medium: Ships Build Helper (templates/default/internal-scripts/install/install-skills.sh)
  • Low: Filesystem
  • Low: Url Strings