AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package mutates a global AI-agent control surface at npm install time. It installs a package-supplied Claude skill into the user's ~/.claude/skills without a separate user command.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/install-skills.cjs
- scripts/install-skills.cjs copies bundled .claude/skills/* into CLAUDE_CONFIG_DIR or ~/.claude/skills during install
- Bundled .claude/skills/leanchy/SKILL.md installs AI-agent behavior instructions into the user's global Claude skill surface
- Install script creates destination directories and does not require an explicit CLI action beyond npm install
- scripts/install-skills.cjs only copies skill files and skips absent source dir; no network or credential exfiltration seen there
- bin launchers spawn Bun and copy bingo defaults on user-invoked runtime, aligned with an AI coding CLI
- Network references inspected are mainly Anthropic/Claude API, local 127.0.0.1:3456 daemon, feedback, IDE/MCP features
- Bundled .claude/settings.local.json contains permissions but install-skills.cjs does not copy it
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a possible secret pattern.
src/utils/powershell/parser.tsView on unpkg · L1343Package source references weak cryptographic algorithms.
src/utils/plugins/mcpbHandler.tsView on unpkg · L4Source writes installer persistence such as shell profile or service configuration.
src/utils/deepLink/registerProtocol.tsView on unpkg · L40A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/utils/ide.tsView on unpkg · L1354Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skills.cjsView on unpkg · L2Package source invokes a package manager install command at runtime.
bin/bingo-win.cjsView on unpkg · L87Package ships native binary artifacts.
src/utils/vendor/ripgrep/x64-win32/rg.exeView on unpkgPackage ships non-JavaScript build or shell helper files.
runtime/win_helper.pyView on unpkg