AI Security Review
scanned 16h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code modifies the package's CodeWhale extension surface. It copies bundled skills and adds workspace command instructions; no network or payload execution is present.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` invokes the declared `postinstall` hook.
Impact
Adds globally available CodeWhale skills and workspace command triggers without an explicit runtime command.
Mechanism
Copies first-party CodeWhale skills and writes `.codewhale/instructions.md`.
Rationale
This is a concrete unconsented postinstall mutation of a first-party, package-owned CodeWhale extension surface, so it warrants a warning. Source inspection found no malicious execution or exfiltration chain supporting a publish block.
Evidence
package.jsontools-install.js.codewhale/instructions.md_list_sessions.js_extract_office.jsskills/history/SKILL.mdskills/snapshot/SKILL.mdskills/teach-me/SKILL.mdskills/tools/tools-skill/SKILL.md~/.codewhale/skills~/.codewhale/tools-readme.md~/.codewhale/CHANGELOG.md
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `codewhale-tools-install` on `postinstall`.
- `tools-install.js` writes workspace `.codewhale/instructions.md` using `INIT_CWD`.
- `tools-install.js` copies bundled agent skills into `~/.codewhale/skills`.
- Bundled instructions activate skills in CodeWhale sessions.
Evidence against
- No network, HTTP, or socket APIs are imported in package JavaScript.
- No shell, child-process, eval, VM, dynamic loading, or binary execution found.
- `_list_sessions.js` only reads local CodeWhale session JSON and prints metadata.
- `_extract_office.js` only reads a user-supplied Office file and prints extracted text.
- No credential harvesting, exfiltration, destructive deletion, or foreign agent-config writes found.
Behavioral surface
EnvironmentVarsFilesystem
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codewhale-tools-install
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codewhale-tools-install
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License