AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The postinstall hook automatically installs CodeWhale skills globally and adds CodeWhale command instructions to the invoking workspace. This is first-party agent-extension setup, not a confirmed malicious chain.
Static reason
One or more suspicious static signals were detected.
Trigger
npm installation invokes `postinstall`.
Impact
Changes CodeWhale global/workspace agent behavior without a separate setup command; no data exfiltration or remote execution is present.
Mechanism
Copies local skills and writes CodeWhale instruction files.
Rationale
The lifecycle hook mutates CodeWhale-owned global and workspace agent configuration, which warrants a warning under the install-control-surface policy. The inspected source does not establish malicious behavior.
Evidence
package.jsontools-install.js.codewhale/instructions.md_list_sessions.js_extract_office.jsskills/~/.codewhale/skills/~/.codewhale/tools-readme.md~/.codewhale/CHANGELOG.mdREADME.mdCHANGELOG.md
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `tools-install.js` as `postinstall`.
- `tools-install.js` copies skills into `~/.codewhale/skills`.
- `tools-install.js` creates/appends project `.codewhale/instructions.md` during install.
- Installed instructions register automatic AI-agent command triggers.
Evidence against
- No network, HTTP, or socket code found.
- No child process, eval, dynamic loading, or binary payloads found.
- `_list_sessions.js` only reads local CodeWhale session JSON and prints metadata.
- `_extract_office.js` only reads a user-supplied Office file and prints extracted text.
- All install-time writes are CodeWhale-owned extension/config paths; no credential harvesting or exfiltration.
Behavioral surface
EnvironmentVarsFilesystem
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codewhale-tools-install
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codewhale-tools-install
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License