registry  /  @skylence-ai/skyline  /  1.0.67

@skylence-ai/skyline@1.0.67

Content-hash line editor — CLI and MCP server

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Installing the npm package can automatically invoke `skyline setup`. The documented setup changes agent-CLI plugin wiring and starts a supervised daemon without an explicit setup command from the user.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm postinstall for @skylence-ai/skyline@1.0.67 outside CI unless SKYLINE_NO_AUTO_SETUP is set
Impact
Can alter foreign AI-agent control behavior by installing hooks that redirect built-in tools, and create an autostart background daemon.
Mechanism
postinstall delegates agent-plugin and daemon setup to a platform binary
Policy narrative
During installation, postinstall invokes the platform binary with `setup`. The package documentation says this setup starts an autostart HTTP daemon and best-effort installs marketplace plugins into agent CLIs found on PATH; it further describes hooks that prevent Claude from using built-in Write, Edit, and Bash tools and route them through Skyline. This is unconsented install-time mutation of a foreign AI-agent control surface.
Rationale
The lifecycle hook automatically initiates documented cross-agent plugin and daemon setup, rather than requiring the user to run setup explicitly. No source-visible credential theft or network exfiltration was found, but the install-time agent-control mutation meets the blocking boundary.
Evidence
package.jsonpostinstall.jsbin.jsREADME.md
Network endpoints1
github.com/skylence-be/skylence-plugins

Decision evidence

public snapshot
AI called this Malicious at 91.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • package.json defines `postinstall: node postinstall.js`.
  • postinstall.js automatically runs `bin.js setup` unless CI or an opt-out env var is set.
  • bin.js resolves and executes a platform-specific opaque binary with the `setup` argument.
  • README.md states setup installs an autostart daemon and marketplace plugins for agent CLIs on PATH.
  • README.md says the plugin hooks redirect Claude built-in Write/Edit/Bash tools to Skyline tools.
Evidence against
  • The JavaScript wrapper contains no credential harvesting, file enumeration, HTTP client, eval, or direct exfiltration logic.
  • postinstall.js reports setup failures and does not retry or add JS-level persistence.
  • The wrapper only executes a named platform package; its binary implementation is not present in this extracted package.
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.05 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin.jsView file
matchType = malicious_source_fingerprint_signature signature = 202b3dfd3937dab6 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = @skylence-ai/skyline@1.0.63 matchedPath = bin.js matchedIdentity = npm:QHNreWxlbmNlLWFpL3NreWxpbmU:1.0.63 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

bin.jsView on unpkg

Findings

2 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Fingerprint Signaturebin.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present