AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Postinstall mutates the Claude Code skill directory by linking bundled skill folders. It can replace or back up same-named local entries, but no exfiltration or remote execution chain is present.
Decision evidence
public snapshot- `package.json` runs `scripts/install.js` as `postinstall`.
- `scripts/install.js` creates `~/.claude/skills` and symlinks all bundled skills there.
- Installer replaces same-named symlinks and renames non-symlink destinations to `.bak`.
- `scripts/uninstall.js` deletes symlinks under `~/.claude/skills`.
- Bundled targets are package-aligned skill names discovered from `skills/*/SKILL.md`.
- `README.md` explicitly documents global installation and Claude Code skill linking.
- No child-process, shell, dynamic-code, credential-harvesting, or remote-payload behavior found.
- `scripts/eval.js` contacts only `api.anthropic.com` when explicitly run and uses `ANTHROPIC_API_KEY` for that request.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L6Source file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/eval.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
scripts/eval.jsView on unpkg