AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates AI-agent control directories in the consuming project without a user command. It conditionally writes a package-authored instruction document into Kiro or Cursor configuration paths.
Static reason
One or more suspicious static signals were detected.
Trigger
npm installation runs the package `postinstall` hook.
Impact
Package installation can alter instructions supplied to AI coding tools in the consumer project.
Mechanism
Writes AI guidance into consumer `.kiro/steering` or `.cursor/rules` paths.
Policy narrative
During `postinstall`, the package determines the consuming project root and copies its bundled AI usage guide into existing Kiro or Cursor instruction directories, otherwise into `docs/`. This is an unconsented install-time mutation of foreign AI-agent control surfaces; it does not need network access to influence future agent behavior in that project.
Rationale
The package performs concrete, unconsented postinstall writes to consumer AI-agent configuration paths. Although no exfiltration or remote payload execution is present, this meets the firewall block boundary for foreign AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall.jsdocs/implement-tantuui-token-and-component.mddist/index.jsdist/index.cjs.kiro/steering/implement-tantuui-token-and-component.md.cursor/rules/implement-tantuui-token-and-component.md
Decision evidence
public snapshotAI called this Malicious at 96.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
- `package.json` runs `node scripts/postinstall.js` on install.
- `scripts/postinstall.js` locates the consumer project through `INIT_CWD` or parent traversal.
- The lifecycle script writes an AI guidance document into existing `.kiro/steering` or `.cursor/rules` directories.
- The script creates `docs/` as fallback and suppresses lifecycle failure with `|| true`.
Evidence against
- No network, credential harvesting, shell execution, dynamic code evaluation, or binary loading was found.
- `dist/index.js` and `dist/index.cjs` import only React, React DOM, and JSX runtime.
- The copied document is a TantuUI usage guide rather than an executable payload.
Behavioral surface
EnvironmentVarsFilesystem
MinifiedUrlStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowUrl Strings