registry  /  codewhale.history  /  2.11.15

codewhale.history@2.11.15

CodeWhale utility commands: session history, tool listing, file snapshot, interactive code quiz — global install

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The postinstall hook automatically installs CodeWhale skills globally and adds CodeWhale command instructions to the invoking workspace. This is first-party agent-extension setup, not a confirmed malicious chain.

Static reason
One or more suspicious static signals were detected.
Trigger
npm installation invokes `postinstall`.
Impact
Changes CodeWhale global/workspace agent behavior without a separate setup command; no data exfiltration or remote execution is present.
Mechanism
Copies local skills and writes CodeWhale instruction files.
Rationale
The lifecycle hook mutates CodeWhale-owned global and workspace agent configuration, which warrants a warning under the install-control-surface policy. The inspected source does not establish malicious behavior.
Evidence
package.jsontools-install.js.codewhale/instructions.md_list_sessions.js_extract_office.jsskills/~/.codewhale/skills/~/.codewhale/tools-readme.md~/.codewhale/CHANGELOG.mdREADME.mdCHANGELOG.md

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `tools-install.js` as `postinstall`.
  • `tools-install.js` copies skills into `~/.codewhale/skills`.
  • `tools-install.js` creates/appends project `.codewhale/instructions.md` during install.
  • Installed instructions register automatic AI-agent command triggers.
Evidence against
  • No network, HTTP, or socket code found.
  • No child process, eval, dynamic loading, or binary payloads found.
  • `_list_sessions.js` only reads local CodeWhale session JSON and prints metadata.
  • `_extract_office.js` only reads a user-supplied Office file and prints extracted text.
  • All install-time writes are CodeWhale-owned extension/config paths; no credential harvesting or exfiltration.
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 3 file(s), 13.8 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = codewhale-tools-install
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = codewhale-tools-install
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License