AI Security Review
scanned 42m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface: the package is a scaffolding CLI that writes a new app template, configures project files, installs a first-party DeepSpace skill, and starts dependency installation in the scaffolded app. The risky primitives are explicit CLI-time setup behavior, not install-time package compromise.
Decision evidence
public snapshot- dist/index.js creates .claude/launch.json in the scaffolded app with npx deepspace dev settings.
- dist/index.js runs user-triggered npx -y skills@latest add deepdotspace/deepspace-skill -y during CLI scaffolding.
- dist/index.js starts detached dist/install-worker.js after scaffolding to install dependencies.
- dist/index.js uses execSync for git init and optional --local npm pack in user-specified paths.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build.
- bin entry is dist/index.js, so behavior is activated by explicit create-deepspace CLI use.
- dist/index.js scaffolds templates, edits the new app package.json, and writes .gitignore/.deepspace status files in the target app.
- Agent skill install is first-party/package-aligned and failure is logged locally to .deepspace/skill.err.
- No credential harvesting or exfiltration endpoints found in inspected source.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L333