
digitalsee-ai-flow-skills@0.7.4

AI Flow connection flow platform skill documentation: structured skill documentation for AI coding assistants

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package has an install-time hook that seeds package-owned AI Flow knowledge files under the user's home directory. It does not automatically mutate Claude/Cursor agent skill directories during postinstall; that occurs only via explicit CLI install.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user-invoked ai-flow-skills install or copy-to runs broader setup
Impact
Lifecycle writes user-level package data; explicit commands can install bundled skills into agent-managed locations
Mechanism
first-party AI Flow skill/knowledge file seeding
Rationale
This is a package-aligned AI Flow skills distribution with a real lifecycle write to user home, but no concrete malicious chain or unconsented broad agent control-surface mutation was found. The residual risk is first-party agent extension lifecycle/setup behavior, so warn rather than block.
Evidence
  • package.json
  • scripts/postinstall.sh
  • scripts/install.sh
  • scripts/ai-flow-skills-cli.sh
  • scripts/build.sh
  • README.md
  • dist/claude-code/ai-flow/SKILL.md
  • $HOME/.ai-flow/knowledge
  • $HOME/.ai-flow/flow-solutions
  • dist/user-data/knowledge
  • dist/user-data/flow-solutions
  • dist/claude-code
  • target directory passed to copy-to

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: bash scripts/postinstall.sh
  • scripts/postinstall.sh creates and writes $HOME/.ai-flow/knowledge and $HOME/.ai-flow/flow-solutions during npm install
  • scripts/ai-flow-skills-cli.sh install explicitly runs npx skills add to install agent skills globally
  • scripts/ai-flow-skills-cli.sh check invokes npm view for version lookup
Evidence against
  • postinstall only copies bundled dist/user-data files and strips .DS_Store; no credential reads or exfiltration found
  • agent skill installation is behind explicit ai-flow-skills install command, not postinstall
  • No curl/wget or arbitrary remote payload execution found in lifecycle scripts
  • No eval/vm/Function/native binary loading found
  • README documents the postinstall ~/.ai-flow data seeding and explicit skill install flow
  • Bundled SKILL.md files are domain documentation for AI Flow workflows, with user-confirmation guardrails
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged
package.json
scripts.postinstall = bash scripts/postinstall.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = bash scripts/postinstall.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 3815 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.


Findings

1 High, 2 Medium, 1 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Ships Build Helper (scripts/install.sh)
  • Low: Scripts Present