
create-obsidian-arrow@0.2.2

Scaffold an Obsidian-styled Arrow.js UI sandbox (pnpm create obsidian-arrow <dir>).

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a scaffolder whose risky primitives are aligned with creating/updating a project template and optional documented skill installation.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs create-obsidian-arrow, then optionally runs pnpm install or pnpm skills:install in the generated project.
Impact
Creates or refreshes project template files; optional skill installer may install agent skills from the package-aligned GitHub repo.
Mechanism
Scaffold file copy/update plus documented optional npx skills install helper
Rationale
Static inspection shows a normal create-package CLI with no package-level lifecycle execution and no hidden credential theft, persistence, or exfiltration. The scanner hits are explained by documented user-facing scaffolding/update behavior and a generated-project skill installer that is opt-outable and inert in non-interactive postinstall contexts.
Evidence
  • package.json
  • index.mjs
  • template/package.json
  • template/scripts/install-skills.mjs
  • template/scripts/pull-app-css.mjs
  • template/AGENTS.md
  • template/CLAUDE.md
  • target project: template files copied from template/
  • target project/package.json
  • target project/.gitignore
  • target project/.git
  • target project/public/app.css
Network endpoints (4)
  • github.com/kylebrodeur/obsidian-arrow-sandbox
  • github.com/vercel-labs/skills
  • obsidian.md/
  • arrow-js.com/

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • template/package.json adds postinstall in generated projects, invoking template/scripts/install-skills.mjs.
  • template/scripts/install-skills.mjs can run npx --yes skills add/update from kylebrodeur/obsidian-arrow-sandbox when interactive/forced/user-invoked.
  • index.mjs writes scaffold/update files and runs git init when the bin is invoked.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks for this package itself.
  • index.mjs is a create-project CLI: copies vendored template, renames package.json, and only runs git init in the target dir.
  • template/scripts/install-skills.mjs is documented, opt-outable, no-op in CI/non-TTY unless forced, and prints manual install instructions.
  • No credential harvesting, destructive commands, obfuscated code, eval/vm/Function, native binary loading, or exfiltration endpoints found.
  • Network-related URLs are project/docs/repository links or the package-aligned npx skills source, not hidden exfiltration.
Behavioral surface
Source: Child Process, Crypto, Environment Vars, Filesystem, Shell
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 20 file(s), 48.1 KB of source

Source & flagged code

2 flagged

template/scripts/install-skills.mjs, lines 35-37:
  L35: */
  L36: import { spawnSync } from "node:child_process";
  L37: import fs from "node:fs";

High
Child Process

Package source references child process execution.

template/scripts/install-skills.mjs · L35

template/scripts/install-skills.mjs, lines 102-104:
  L102: console.log(`[skills] ${pretty}${where}`);
  L103: const result = spawnSync("npx", ["--yes", "skills", ...args], {
  L104:   cwd,

High
Runtime Package Install

Package source invokes a package manager install command at runtime.

template/scripts/install-skills.mjs · L102

Findings

3 High, 1 Medium, 1 Low
High: Child Process (template/scripts/install-skills.mjs)
High: Shell
High: Runtime Package Install (template/scripts/install-skills.mjs)
Medium: Environment Vars
Low: Filesystem