AI Security Review
scanned 8d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates repository AI-agent control surfaces at npm postinstall time. The behavior is package-aligned but still automatic lifecycle installation of agent instructions and command routing files.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/cli.js install --postinstall.
- scripts/cli.js postinstall resolves INIT_CWD/cwd or git root as target and writes into that project.
- scripts/cli.js always copies package cli-skill/ into target cli-skill/ during install.
- scripts/cli.js auto-detects Copilot/Pi/Claude/OpenCode markers and copies adapter files into .github/.pi/.claude/.opencode control paths.
- Installed skill includes /install-cli-pr-workflow instructions to create .github/workflows/cli-review.yml using secrets.
- No fetch/http client, outbound network code, or hardcoded exfiltration endpoint in executable JS.
- child_process use is limited to git rev-parse --show-toplevel.
- Existing unmanaged files are skipped unless --force; managed updates use hashes/state.
- No credential harvesting found in scripts/cli.js; secret strings are documentation/workflow references.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/cli.jsView on unpkg · L1