digitalsee-ai-flow-skills@0.7.5

AI Flow connection-flow platform skill documentation: structured skill documentation for AI coding assistants

AI Security Review

scanned 16h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time behavior seeds bundled AI Flow knowledge files into a first-party $HOME/.ai-flow namespace. Agent skill installation into global agent directories is present but requires an explicit CLI command, not postinstall.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; explicit ai-flow-skills install for agent skills
Impact
Warn-level lifecycle risk from automatic home-directory AI helper data writes; no confirmed malicious control hijack or exfiltration.
Mechanism
first-party agent knowledge seeding and user-invoked skill installation
Policy narrative
The package has a postinstall hook, but inspection shows it only seeds bundled documentation and solution files under $HOME/.ai-flow. Broader agent skill installation is implemented through explicit CLI commands using npx skills add, so there is agent-extension lifecycle risk but not unconsented foreign AI-agent control-surface hijacking at install time.
Rationale
Because lifecycle code writes bundled AI-assistant support data into a package-owned home namespace, this fits warn-level agent extension lifecycle risk. No concrete malicious behavior, credential access, exfiltration, persistence, or unconsented writes to foreign agent control surfaces were found.
Evidence
  • package.json
  • scripts/postinstall.sh
  • scripts/install.sh
  • scripts/ai-flow-skills-cli.sh
  • dist/claude-code/ai-flow/SKILL.md
  • $HOME/.ai-flow/knowledge
  • $HOME/.ai-flow/flow-solutions
  • agent global skills directory via npx skills add when user invokes install

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: bash scripts/postinstall.sh
  • scripts/postinstall.sh automatically creates and copies package docs into $HOME/.ai-flow/knowledge and $HOME/.ai-flow/flow-solutions
  • scripts/ai-flow-skills-cli.sh user-invoked install runs npx skills add --global for agent skills
Evidence against
  • postinstall does not write .claude, Cursor, MCP, shell startup, VCS hooks, or autostart files
  • postinstall only copies bundled dist/user-data files and skips if sources or $HOME/.ai-flow are unavailable
  • No credential harvesting, env scraping, remote code fetch, eval, or background persistence found
  • npm view version check is only in user-invoked ai-flow-skills check
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged
package.json
scripts.postinstall = bash scripts/postinstall.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = bash scripts/postinstall.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 3815 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.


Findings

1 High · 2 Medium · 1 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Ships Build Helper (scripts/install.sh)
  • Low: Scripts Present