registry  /  @skylence-ai/skyline  /  1.0.70

@skylence-ai/skyline@1.0.70

Content-hash line editor — CLI and MCP server

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Installing the package runs a lifecycle hook that launches a platform binary with `setup`. Package documentation states this setup installs an autostart daemon and agent-CLI plugins with hooks that alter agent tool behavior.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm postinstall during package installation, unless CI or SKYLINE_NO_AUTO_SETUP is set
Impact
Unconsented install-time mutation of broad AI-agent control surfaces and persistence through an autostart daemon
Mechanism
Automatic setup invokes an external platform binary to install daemon and AI-agent plugin wiring
Policy narrative
On installation, `postinstall.js` launches `bin.js setup`. The launcher resolves an installed platform-specific Skyline binary and executes it. The package README documents that setup installs a supervised autostart daemon and Skyline marketplace plugins for agent CLIs detected on PATH; those plugins use hooks to route or constrain built-in AI-agent tools. This is an unconsented postinstall mutation of a broad, foreign AI-agent control surface.
Rationale
The install hook automatically initiates persistence and agent-plugin setup rather than requiring an explicit user command. The absent platform binary prevents deeper payload inspection but does not negate the documented and triggered lifecycle behavior.
Evidence
package.jsonpostinstall.jsbin.jsREADME.md

Decision evidence

public snapshot
AI called this Malicious at 93.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` defines `postinstall: node postinstall.js`.
  • `postinstall.js` automatically invokes `skyline setup` unless CI or an opt-out env var is set.
  • `bin.js` resolves and runs a platform package binary with the `setup` argument.
  • `README.md` states setup installs an autostart daemon and Skyline plugins for agent CLIs on PATH.
  • `README.md` says the plugin uses hooks to constrain Claude built-in `Write`, `Edit`, and `Bash` tools.
Evidence against
  • The JavaScript wrapper contains no credential harvesting, HTTP client, shell string, eval, or direct file writes.
  • No executable platform binary is included in this extracted package, so its internal implementation was not inspectable.
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.05 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin.jsView file
matchType = malicious_source_fingerprint_signature signature = 202b3dfd3937dab6 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = @skylence-ai/skyline@1.0.69 matchedPath = bin.js matchedIdentity = npm:QHNreWxlbmNlLWFpL3NreWxpbmU:1.0.69 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

bin.jsView on unpkg

Findings

2 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Fingerprint Signaturebin.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present