AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package automatically installs package-owned AI-agent skill files during npm postinstall. This mutates the consumer repository but is bounded to its documented CLI review skill payload and detected/selected adapters.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/cli.js install --postinstall
- scripts/cli.js resolves target to INIT_CWD/cwd git root and writes files there
- scripts/cli.js copies cli-skill tree, scripts/calculate_cli_score.py, and detected agent adapters under .github/.pi/.claude/.opencode
- Agent selection can be forced by CLI_SKILL_AGENTS and force overwrite by CLI_SKILL_FORCE
- No fetch/http client, curl/wget, or network execution in scripts/cli.js
- Only child_process use is git rev-parse --show-toplevel
- Overwrite logic skips unmanaged existing files unless --force is set
- Payload files are CLI review skill docs/config, not credential harvesting or remote payload loaders
- README documents npm installer purpose and target behavior
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/cli.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/calculate_cli_score.pyView on unpkg