AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Package provides a Claude Code skill installer with lifecycle sync for previously managed installs. Risk is agent extension lifecycle mutation of package-owned skills, not confirmed malware.
Decision evidence
public snapshot- package.json defines postinstall: node bin/cli.mjs sync --silent.
- bin/cli.mjs can symlink/copy package skills into ~/.claude/skills and write ~/.claude/weloin-skills.json.
- README.md documents symlinked skills update when npm package/repo updates.
- skills/project-setup/references/04-agents.md instructs creating .claude/agents/*.md during explicit skill workflow.
- postinstall sync only re-links entries already present in the package manifest; first install with empty manifest exits without installing skills.
- bin/cli.mjs has no network, child_process, eval/vm, native binary, or dynamic remote loading.
- bin/cli.mjs treats existing non-managed target dirs as foreign and skips unless explicit --force is used.
- Skill files appear to be project setup instructions, not credential harvesting or exfiltration payloads.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/cli.mjsView on unpkg · L1