
create-obsidian-arrow@0.5.0

Scaffold an Obsidian-styled Arrow.js UI sandbox (pnpm create obsidian-arrow <dir>).

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as a warn-only, first-party agent-extension lifecycle risk. No confirmed malicious attack surface was found in the npm package install path. The main residual risk is the guarded, documented agent-skill setup that runs inside scaffolded projects.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced a dangerous source file.
Trigger
User runs create-obsidian-arrow, then runs pnpm install or pnpm skills:install inside the generated project
Impact
May add/update package-aligned agent skills for the scaffolded project or an explicitly selected target scope
Mechanism
guarded agent skill installer via npx skills
Policy narrative
The package is a project scaffolder. Its generated template includes a postinstall helper that can invoke npx skills to install or update package-aligned agent skills. That helper is documented, skips automatic execution in CI and non-TTY sessions, supports opt-out and dry-run, and belongs to the user-created scaffold's install workflow rather than to the lifecycle of installing create-obsidian-arrow itself.
Rationale
Source inspection shows a guarded agent-extension lifecycle risk, not concrete malware or unconsented foreign agent hijack during package installation. Scanner child_process/package-install findings map to documented git init and optional skills setup, with no exfiltration or hidden payload behavior.
Evidence
  • package.json
  • index.mjs
  • template/package.json
  • template/scripts/install-skills.mjs
  • template/AGENTS.md
  • template/CLAUDE.md
Network endpoints (2)
  • github.com/kylebrodeur/obsidian-arrow-sandbox
  • github.com/vercel-labs/skills

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • template/package.json defines postinstall: node scripts/install-skills.mjs
  • template/scripts/install-skills.mjs can run npx --yes skills add kylebrodeur/obsidian-arrow-sandbox --all
  • template/scripts/install-skills.mjs supports --global, --project-dir, and agent skill installation into agent-visible locations
  • index.mjs update copies AGENTS.md and CLAUDE.md into scaffolded project managed files
Evidence against
  • package.json has no lifecycle scripts for installing create-obsidian-arrow itself
  • index.mjs bin is user-invoked scaffolding/update; no import-time execution beyond CLI flow
  • postinstall skill installer exits in CI/non-TTY unless forced and offers interactive picker for human terminals
  • No credential harvesting, exfiltration endpoints, eval/vm, native binaries, or destructive behavior found
  • Network/package-manager use is limited to documented npx skills CLI for project agent skills
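A worked illustration of the guard pattern described in the policy narrative and the evidence-against list (skip in CI and non-TTY sessions unless forced, explicit opt-out, dry run, and a deliberate hand-off to npx skills). This is an added example and not the package's own template/scripts/install-skills.mjs. The skills source and the `npx --yes skills add ... --all` argv are taken from the review above; the OBSIDIAN_ARROW_SKIP_SKILLS opt-out variable, the wrapper flag names (--force, --dry-run, --global, --project-dir) and the --global passthrough to the skills CLI are assumptions made for illustration.

```javascript
// Added example, not the package's template/scripts/install-skills.mjs:
// a guarded agent-skill installer in the shape the review describes.
// SKILLS_SOURCE and the npx argv come from the review; SKIP_ENV, the wrapper
// flag names and the --global passthrough are assumptions for illustration.

const SKILLS_SOURCE = "kylebrodeur/obsidian-arrow-sandbox";
const SKIP_ENV = "OBSIDIAN_ARROW_SKIP_SKILLS"; // assumed opt-out variable

// Pure guard: returns { run, reason } without touching the real process.
// Precedence: explicit opt-out beats --force; --force beats the CI/TTY guards.
function decideAutoRun({ env, isTTY, argv }) {
  if (env[SKIP_ENV] === "1") return { run: false, reason: `${SKIP_ENV}=1 (opted out)` };
  if (argv.includes("--force")) return { run: true, reason: "forced with --force" };
  if (env.CI && env.CI !== "false") return { run: false, reason: "CI environment (CI is set)" };
  if (!isTTY) return { run: false, reason: "no interactive terminal" };
  return { run: true, reason: "interactive terminal" };
}

// Pure command builder: the exact argv that would be handed to npx, so a
// reviewer can read the command without executing anything.
function buildSkillsArgs({ argv, cwd }) {
  const args = ["--yes", "skills", "add", SKILLS_SOURCE, "--all"];
  if (argv.includes("--global")) args.push("--global"); // assumed passthrough to the skills CLI
  const i = argv.indexOf("--project-dir");
  // Relative --project-dir values resolve against the parent process's cwd.
  const projectDir = i !== -1 && argv[i + 1] ? argv[i + 1] : cwd;
  return { args, projectDir };
}

// Orchestrator. The executor is injected so the decision path is testable and
// nothing runs unless the caller deliberately supplies spawnSync from
// node:child_process. Every early exit returns a record explaining why.
function installSkills(
  { argv = [], env = process.env, isTTY = Boolean(process.stdout.isTTY), cwd = process.cwd() } = {},
  spawnSync
) {
  const decision = decideAutoRun({ env, isTTY, argv });
  if (!decision.run) return { ran: false, reason: decision.reason, command: null, projectDir: null };
  const { args, projectDir } = buildSkillsArgs({ argv, cwd });
  const command = ["npx", ...args].join(" ");
  if (argv.includes("--dry-run")) return { ran: false, reason: "dry run", command, projectDir };
  if (typeof spawnSync !== "function") {
    throw new TypeError("installSkills: pass spawnSync from node:child_process to execute");
  }
  const result = spawnSync("npx", args, { cwd: projectDir, stdio: "inherit" });
  return { ran: true, status: result.status, command, projectDir };
}

// Stand-alone demo over constructed environments; --dry-run means nothing is spawned.
// The CI case shows the guard firing before the command is even built.
for (const [label, env] of Object.entries({ ci: { CI: "true" }, human: {} })) {
  const out = installSkills({ argv: ["--dry-run", "--project-dir", "/tmp/demo"], env, isTTY: true });
  console.log(label, JSON.stringify(out));
}
```

In a template this script would be wired as the `postinstall: node scripts/install-skills.mjs` hook the evidence list mentions, and the real run would pass `spawnSync` from `node:child_process` as the second argument. When reviewing a scaffolded project, run it with `--dry-run` once with `CI=true` and once from an interactive shell: the first must stop at the CI guard, the second must print exactly the `npx --yes skills add ... --all` command before anything is fetched.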
Behavioral surface
Source
Child Process · Crypto · Environment Vars · Filesystem · Shell
Supply chain
High Entropy Strings
Manifest
No manifest risk signals triggered.
scanned 44 file(s), 105 KB of source

Source & flagged code

3 flagged
template/scripts/install-skills.mjs
Flagged lines (L35-L37):
  35: */
  36: import { spawnSync } from "node:child_process";
  37: import fs from "node:fs";
High
Child Process

Package source references child process execution.

Location: template/scripts/install-skills.mjs, L35

template/scripts/install-skills.mjs
Flagged lines (L102-L104):
  102: console.log(`[skills] ${pretty}${where}`);
  103: const result = spawnSync("npx", ["--yes", "skills", ...args], {
  104:   cwd,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

Location: template/scripts/install-skills.mjs, L102

template/scripts/check-orphaned-css.mjs
Match metadata:
  matchType = previous_version_dangerous_delta
  matchedPackage = create-obsidian-arrow@0.4.1
  matchedIdentity = npm:Y3JlYXRlLW9ic2lkaWFuLWFycm93:0.4.1
  similarity = 0.818
  summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This version adds template/scripts/check-orphaned-css.mjs, a source file that carries dangerous-pattern signals and is absent from the previous stored version (0.4.1, package-body similarity 0.818); route for source-aware review. Unlike the two findings above, no flagged lines from this file are shown, so the Critical rating is a version-delta routing signal rather than a confirmed behaviour.

Location: template/scripts/check-orphaned-css.mjs

Findings

1 Critical · 3 High · 2 Medium · 2 Low
  • Critical: Previous Version Dangerous Delta (template/scripts/check-orphaned-css.mjs)
  • High: Child Process (template/scripts/install-skills.mjs)
  • High: Shell
  • High: Runtime Package Install (template/scripts/install-skills.mjs)
  • Medium: Environment Vars
  • Medium: Structural Risk (Force Deep Review)
  • Low: Filesystem
  • Low: High Entropy Strings