create-obsidian-arrow@0.2.1

Scaffold an Obsidian-styled Arrow.js UI sandbox (pnpm create obsidian-arrow <dir>).

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The risky primitives are scaffold-aligned: creating project files, initializing git, and optionally installing documented agent skills for generated projects.

Static reason: One or more suspicious static signals were detected.
Trigger: The user runs the create-obsidian-arrow bin, then optionally runs pnpm install or the skills scripts in the generated project.
Impact: Creates/updates scaffold-managed files and may install documented agent skills when user-interactive or explicitly requested.
Mechanism: Project scaffold plus optional skills CLI installation.
Rationale: Static inspection shows a normal create-* scaffold package with documented template and optional skill-install behavior, not hidden install-time execution in the published package or credential/data theft. The scanner flags map to package-aligned child_process and environment use in the generated project tooling.
Evidence (files inspected)
  • package.json
  • index.mjs
  • template/package.json
  • template/scripts/install-skills.mjs
  • template/AGENTS.md
  • template/CLAUDE.md
  • template/
  • AGENTS.md
  • CLAUDE.md
  • scripts/
  • docs/
  • .github/
  • .husky
  • biome.json
  • .gitignore
Network endpoints (4)
  • github.com/kylebrodeur/obsidian-arrow-sandbox#readme
  • github.com/kylebrodeur/obsidian-arrow-sandbox/issues
  • git+https://github.com/kylebrodeur/obsidian-arrow-sandbox.git
  • github.com/vercel-labs/skills

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • template/package.json defines postinstall running scripts/install-skills.mjs in generated projects.
  • template/scripts/install-skills.mjs can spawn npx --yes skills add/update from kylebrodeur/obsidian-arrow-sandbox when interactive or explicitly forced.
  • index.mjs scaffold/update writes template AGENTS.md and CLAUDE.md into target project as managed scaffold files.
Evidence against
  • package.json has no lifecycle scripts; package execution is via bin index.mjs only.
  • index.mjs copies a vendored template, renames package.json, and runs git init; no credential reads or exfiltration.
  • install-skills.mjs skips auto-install in CI/non-TTY, supports SKIP_SKILLS_INSTALL=1, and uses visible skills CLI commands.
  • No eval/vm/native binary loading or hidden network endpoints found by rg inspection.
Behavioral surface
Source: Child Process, Crypto, Environment Vars, Filesystem, Shell
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 19 file(s), 44.6 KB of source

Source & flagged code

2 flagged

template/scripts/install-skills.mjs
    L35: */
    L36: import { spawnSync } from "node:child_process";
    L37: import fs from "node:fs";
High · Child Process

Package source references child process execution.

template/scripts/install-skills.mjs · L35

template/scripts/install-skills.mjs
    L102: console.log(`[skills] ${pretty}${where}`);
    L103: const result = spawnSync("npx", ["--yes", "skills", ...args], {
    L104:   cwd,
High · Runtime Package Install

Package source invokes a package manager install command at runtime.

template/scripts/install-skills.mjs · L102

Findings

3 High · 1 Medium · 1 Low
  • High: Child Process (template/scripts/install-skills.mjs)
  • High: Shell
  • High: Runtime Package Install (template/scripts/install-skills.mjs)
  • Medium: Environment Vars
  • Low: Filesystem