registry  /  @skylence-ai/skyline  /  1.0.55

@skylence-ai/skyline@1.0.55

Content-hash line editor — CLI and MCP server

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code delegates to a platform binary's setup command. Documentation states that setup installs a supervised autostart daemon and agent CLI plugins, creating unconsented persistent agent-facing control surfaces during npm install.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install or npm install -g when lifecycle scripts run
Impact
Autostart local MCP service and agent plugin wiring may be registered without an explicit user command.
Mechanism
postinstall spawn of platform skyline binary setup
Policy narrative
On install, package.json runs postinstall.js. That script invokes bin.js with setup, which resolves and executes a platform-specific skyline binary from optional dependencies. The README states setup installs an always-on supervised HTTP MCP daemon and best-effort installs marketplace plugins for agent CLIs such as Claude or Codex when found on PATH. This is a package-aligned tool, but the lifecycle delivery mutates persistent agent/control surfaces without requiring the user to explicitly run setup.
Rationale
The wrapper's lifecycle hook triggers persistent daemon and AI-agent plugin setup at install time, which matches the blockable unconsented agent control-surface mutation policy even though the functionality is documented and package-aligned. No credential harvesting or external exfiltration was found in the inspected JS wrapper.
Evidence
package.jsonpostinstall.jsbin.jsREADME.mdplatform optional dependency skyline binaryagent CLI plugin/config locations described by README.mdsupervised autostart service described by README.md
Network endpoints1
127.0.0.1:7333/mcp

Decision evidence

public snapshot
AI called this Malicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json defines postinstall: node postinstall.js
  • postinstall.js runs bin.js setup during npm lifecycle unless CI or SKYLINE_NO_AUTO_SETUP is set
  • bin.js resolves a platform optional package and spawnSync executes its skyline binary with inherited stdio
  • README.md says skyline setup installs a supervised autostart HTTP daemon on port 7333
  • README.md says setup best-effort installs Skyline marketplace plugins for agent CLIs already on PATH
Evidence against
  • postinstall.js has CI and SKYLINE_NO_AUTO_SETUP opt-outs
  • README.md documents skyline setup and uninstall commands
  • No JS source in this wrapper directly reads credentials or performs network exfiltration
  • Network use described is local MCP daemon at 127.0.0.1
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.05 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present