AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package automatically modifies the Claude Code skills control surface during npm postinstall by linking bundled first-party skills into the user's home directory. This is an agent extension lifecycle risk, but source inspection did not show exfiltration, remote payload execution, or stealth persistence.
Decision evidence
public snapshot- package.json runs scripts/install.js on postinstall and scripts/uninstall.js on preuninstall.
- scripts/install.js creates ~/.claude/skills and symlinks every bundled skills/*/SKILL.md directory into it.
- scripts/install.js replaces existing symlinks and renames real existing target paths to .bak before linking.
- scripts/uninstall.js removes symlinks under ~/.claude/skills for bundled skill names.
- scripts/eval.js can call api.anthropic.com with ANTHROPIC_API_KEY, but only via explicit npm eval scripts.
- No install-time network calls found in scripts/install.js or scripts/uninstall.js.
- No credential harvesting or exfiltration found; eval uses only ANTHROPIC_API_KEY for explicit Anthropic API requests.
- No child_process, eval, Function, native binary, or dynamic remote code loading found.
- Bundled skill files are design-review instructions and references, matching the package purpose.
- README discloses that global install automatically links Claude Code slash commands.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L6This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/eval.jsView on unpkg