registry  /  codewhale.history  /  2.11.11

codewhale.history@2.11.11

CodeWhale utility commands: session history, tool listing, file snapshot, interactive code quiz — global install

AI Security Review

scanned 16h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code modifies the package's CodeWhale extension surface. It copies bundled skills and adds workspace command instructions; no network or payload execution is present.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` invokes the declared `postinstall` hook.
Impact
Adds globally available CodeWhale skills and workspace command triggers without an explicit runtime command.
Mechanism
Copies first-party CodeWhale skills and writes `.codewhale/instructions.md`.
Rationale
This is a concrete unconsented postinstall mutation of a first-party, package-owned CodeWhale extension surface, so it warrants a warning. Source inspection found no malicious execution or exfiltration chain supporting a publish block.
Evidence
package.jsontools-install.js.codewhale/instructions.md_list_sessions.js_extract_office.jsskills/history/SKILL.mdskills/snapshot/SKILL.mdskills/teach-me/SKILL.mdskills/tools/tools-skill/SKILL.md~/.codewhale/skills~/.codewhale/tools-readme.md~/.codewhale/CHANGELOG.md

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `codewhale-tools-install` on `postinstall`.
  • `tools-install.js` writes workspace `.codewhale/instructions.md` using `INIT_CWD`.
  • `tools-install.js` copies bundled agent skills into `~/.codewhale/skills`.
  • Bundled instructions activate skills in CodeWhale sessions.
Evidence against
  • No network, HTTP, or socket APIs are imported in package JavaScript.
  • No shell, child-process, eval, VM, dynamic loading, or binary execution found.
  • `_list_sessions.js` only reads local CodeWhale session JSON and prints metadata.
  • `_extract_office.js` only reads a user-supplied Office file and prints extracted text.
  • No credential harvesting, exfiltration, destructive deletion, or foreign agent-config writes found.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 3 file(s), 13.8 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = codewhale-tools-install
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = codewhale-tools-install
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License