Curate vetted AI-coding skills & plugins by your tech stack — install only what you need, across Claude Code, Codex, OpenCode & Antigravity
LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked CLI scaffolds AI-agent files in a chosen project and can opt a Codex project into trust. Selected optional assets may be installed through package-manager or platform CLI subprocesses. No unconsented lifecycle-triggered control-surface mutation was established.
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2736A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3524Package ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgA package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2736Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3524