AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A user-run `stdd init` can install package-supplied Claude skill files and, when selected, a GitHub Actions workflow into the target repository. No automatic install-time execution or concrete malicious behavior is established.
Decision evidence
public snapshot- `cli/stdd.mjs` `init` explicitly writes packaged Claude skills to `.claude/skills/*/SKILL.md`.
- `cli/stdd.mjs` can generate `.github/workflows/stdd.yml` when `--ci github` is requested.
- `init` defaults to the known tools, including `claude`, when invoked without `--tools`.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- All writes are behind the user-invoked `stdd init` command; import-time code only loads local package data.
- Process execution uses `execFileSync` for fixed `git`/`gh` commands, with no shell, eval, or dynamic code loading.
- No credential harvesting, environment access, exfiltration code, binary payload, or destructive deletion was found.
- `templates/github-stdd.yml` requests read-only GitHub permissions and only validates PR evidence.
Source & flagged code
2 flagged · loading source`cli/stdd.mjs` `init` explicitly writes packaged Claude skills to `.claude/skills/*/SKILL.md`.
cli/stdd.mjsView on unpkg`cli/stdd.mjs` can generate `.github/workflows/stdd.yml` when `--ci github` is requested.
cli/stdd.mjsView on unpkg