Curate vetted AI-coding skills & plugins by your tech stack — install only what you need, across Claude Code, Codex, OpenCode & Antigravity
Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2781A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3577Package ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgA package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2781Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3577