registry  /  @skylence-ai/skyline  /  1.0.71

@skylence-ai/skyline@1.0.71

Content-hash line editor — CLI and MCP server

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Installing the package can run `skyline setup` automatically. That command is delegated to an uninspected platform binary and is documented to install an autostart daemon plus Skyline agent plugins.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm postinstall, unless `CI` or `SKYLINE_NO_AUTO_SETUP` is set
Impact
May alter local agent integration and establish a background service during installation; the actual platform binary behavior is not present in this package.
Mechanism
lifecycle-triggered execution of platform binary setup that configures daemon and agent plugins
Rationale
Source inspection confirms an install-time setup path that can configure a background daemon and AI-agent plugins, while the executed platform payload is unavailable for direct inspection. This warrants a warning under the guarded first-party agent-extension lifecycle policy, not a block.
Evidence
package.jsonpostinstall.jsbin.jsREADME.md

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` defines `postinstall: node postinstall.js`.
  • `postinstall.js` automatically invokes `skyline setup` unless CI or opt-out env is set.
  • `bin.js` resolves and executes a platform binary with the `setup` argument.
  • `README.md` says setup installs an autostart daemon and marketplace plugins for agent CLIs on PATH.
  • `README.md` describes plugin hooks that steer Claude away from built-in `Write`, `Edit`, and `Bash` tools.
Evidence against
  • The JavaScript files contain no credential harvesting or filesystem enumeration.
  • No network client, exfiltration endpoint, eval, or shell-string execution appears in inspected source.
  • The lifecycle wrapper forwards only to the package's platform-specific binary.
  • Setup failure is non-fatal and reports a visible warning.
  • The documented agent integration is Skyline-branded rather than an unrelated payload.
Behavioral surface
Source
ChildProcessEnvironmentVars
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.05 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin.jsView file
matchType = malicious_source_fingerprint_signature signature = 202b3dfd3937dab6 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = @skylence-ai/skyline@1.0.70 matchedPath = bin.js matchedIdentity = npm:QHNreWxlbmNlLWFpL3NreWxpbmU:1.0.70 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

bin.jsView on unpkg

Findings

2 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Fingerprint Signaturebin.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present