AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack is present. Runtime CLI use can re-sync package-owned Claude skill directories; explicit skills commands can install or remove those directories.
Decision evidence
public snapshot- `dist/index.js` runs skill auto-sync on non-help CLI invocations.
- `dist/lib/skills.js` copies bundled skills into `~/.claude/skills/<name>` or `./.claude/skills/<name>`.
- `dist/lib/skills.js` auto-updates/removes only `.version`-marked CLI-owned skill directories.
- `dist/commands/skills.js` exposes explicit install, update, and uninstall commands.
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- No child-process, eval, VM, native-loader, or remote-code execution primitive found.
- Network use is API traffic to Trawl and opt-out-capable PostHog command telemetry.
- Skill overwrite/sync checks ownership markers and offers `TRAWL_SKILLS_SYNC=0` opt-out.
Source & flagged code
4 flagged · loading source`dist/index.js` runs skill auto-sync on non-help CLI invocations.
dist/index.jsView on unpkg`dist/lib/skills.js` copies bundled skills into `~/.claude/skills/<name>` or `./.claude/skills/<name>`.
dist/lib/skills.jsView on unpkg`dist/lib/skills.js` auto-updates/removes only `.version`-marked CLI-owned skill directories.
dist/lib/skills.jsView on unpkg`dist/commands/skills.js` exposes explicit install, update, and uninstall commands.
dist/commands/skills.jsView on unpkg