AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Risky primitives are explicit library capabilities for skill installation, session integration, telemetry, and source fetching rather than automatic npm install/import behavior.
Decision evidence
public snapshot- dist/src/services/skill-installation.io.js can write SKILL.md and optional generated subagent to ~/.claude/agents during explicit install helper use.
- dist/src/session/SessionManager.memory.js and dist/src/session/SessionRecovery.js invoke npx ruflo memory/hooks via injected executor when session helpers are called.
- dist/src/audit/remote-audit.js and dist/src/sync/inventory-client.js can POST package telemetry/inventory to Skillsmith endpoints when caller has configured credentials.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly for publisher-side build/test.
- dist/src/index.js is a barrel export and does not perform install-time or import-time mutation/exfiltration.
- dist/tests/security/pii-detection.test.js secret-looking strings are synthetic scanner test fixtures.
- dist/tests/edge-cases/EdgeCases.test.js reverse-shell-like content is adversarial input test data, not executed payload.
- dist/src/telemetry/posthog.js requires explicit initialization with an API key and filters traits; telemetry no-ops when disabled/uninitialized.
- Network endpoints are package-aligned: api.skillsmith.app, Supabase auth, GitHub raw/API, PostHog.
Source & flagged code
18 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tests/security/pii-detection.test.jsView on unpkg · L35GitHub personal access token in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L35AWS access key ID in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L40RSA private key in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L78AWS access key ID in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L112AWS access key ID in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L208Hardcoded password in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L86Hardcoded password in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L160Hardcoded password in dist/tests/security/pii-detection.test.js
dist/tests/security/pii-detection.test.jsView on unpkg · L167Package source references child process execution.
dist/src/db/drivers/sqljsDriver.jsView on unpkg · L178Package source references a known benign dynamic code generation pattern.
dist/src/telemetry/metric-helpers.jsView on unpkg · L11Package source references dynamic require/import behavior.
dist/src/db/drivers/betterSqlite3Driver.jsView on unpkg · L12Package source references weak cryptographic algorithms.
dist/src/scripts/github-import/deduplication.jsView on unpkg · L1Source matches reverse-shell style process and socket wiring.
dist/tests/edge-cases/EdgeCases.test.jsView on unpkg · L103Package source invokes a package manager install command at runtime.
dist/src/session/SessionManager.memory.jsView on unpkg · L6RSA private key in dist/src/scripts/github-import/github-auth.js
dist/src/scripts/github-import/github-auth.jsView on unpkg · L50Supabase service role key (JWT) in dist/src/api/utils.d.ts
dist/src/api/utils.d.tsView on unpkg · L53Supabase service role key (JWT) in dist/src/api/utils.js
dist/src/api/utils.jsView on unpkg · L101