
agent-fender-skill@1.0.1

Claude Code skill that audits AI agent code for 7 critical safety gaps (timeout, loop limit, dangerous tools, injection, audit trail, token budget)

AI Security Review

scanned 1h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Global npm install triggers lifecycle code that plants a Claude Code skill in the user's home directory. This mutates a foreign AI-agent control surface outside the package directory.

Static reason: One or more suspicious static signals were detected.
Trigger: npm global install postinstall
Impact: Future Claude Code sessions may load package-supplied instructions for agent-code tasks
Mechanism: unconsented Claude Code skill installation
Policy narrative: On global installation, npm runs install.js as postinstall. The script creates ~/.claude/skills/agent-fender and copies package-supplied Claude skill instructions and references there, causing future Claude Code sessions to see and potentially activate those instructions for broad agent-related prompts.
Rationale: Although the content is product-aligned and there is no exfiltration or remote code execution, lifecycle-triggered writes into ~/.claude/skills are an unconsented mutation of a foreign AI-agent control surface. Under the install control-surface policy this is blockable AI-agent control hijack behavior.
Evidence
  • package.json
  • install.js
  • SKILL.md
  • references/audit-examples.md
  • references/inline-patterns.md
  • references/library-integration.md
  • ~/.claude/skills/agent-fender/SKILL.md
  • ~/.claude/skills/agent-fender/references/audit-examples.md
  • ~/.claude/skills/agent-fender/references/inline-patterns.md
  • ~/.claude/skills/agent-fender/references/library-integration.md

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json defines postinstall: node install.js and bin points to install.js
  • install.js writes package files into ~/.claude/skills/agent-fender on global postinstall
  • install.js copies SKILL.md and references into Claude Code skill control surface without an interactive consent check
  • SKILL.md is an agent instruction file activated by Claude Code for broad agent-code requests
Evidence against
  • install.js skips postinstall for non-global npm installs
  • No network requests, credential reads, shell execution, eval, or native/binary loading found
  • Copied skill content is package-aligned safety-audit guidance rather than exfiltration or destructive instructions
Behavioral surface
Source: Environment Vars, Filesystem
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 1.25 KB of source

Source & flagged code

2 flagged

package.json
scripts.postinstall = node install.js
High: Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node install.js
Medium: Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High, 2 Medium, 2 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem