AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code mutates the package's CodeWhale agent-extension surface globally and injects workspace instructions. No source evidence establishes network delivery, credential theft, or remote execution.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall
Impact
An installation automatically changes future CodeWhale session behavior for the user and target workspace.
Mechanism
copies first-party skills and writes CodeWhale instruction files
Rationale
This is not concrete malware, but automatic install-time mutation of an AI-agent extension and workspace instruction surface is a real lifecycle risk. Flag as warn rather than block because the mutation is package-aligned and no malicious execution chain is present.
Evidence
package.jsontools-install.js.codewhale/instructions.md_list_sessions.js_extract_office.js~/.codewhale/skills/*~/.codewhale/tools-readme.md~/.codewhale/CHANGELOG.md<INIT_CWD>/.codewhale/instructions.md
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `codewhale-tools-install` on `postinstall`.
- `tools-install.js` copies bundled skills into `~/.codewhale/skills`.
- `tools-install.js` creates/appends `<INIT_CWD>/.codewhale/instructions.md` during install.
- Bundled instructions register agent-triggered commands and skills.
Evidence against
- No network client, endpoint, or exfiltration code found.
- No shell, child-process, eval, VM, or dynamic loader use found.
- `_list_sessions.js` only reads local CodeWhale session metadata.
- `_extract_office.js` only reads a supplied Office archive and prints text.
Behavioral surface
EnvironmentVarsFilesystem
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codewhale-tools-install
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codewhale-tools-install
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License