
digitalsee-ai-flow-skills@0.7.6-beta

AI Flow connection-flow platform skill documentation: structured skill documentation for AI coding assistants

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party AI Flow skill and knowledge installation, including install-time seeding into ~/.ai-flow. This is an agent extension lifecycle risk, but inspection did not find malicious exfiltration, remote code execution, or destructive persistence.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; explicit ai-flow-skills install/copy-to/check commands
Impact
User AI Flow/agent environments may gain package-provided documentation and skills; no confirmed malicious behavior identified.
Mechanism
shell scripts copy bundled AI Flow knowledge, flow-solutions, and skill files
Rationale
Static source inspection confirms lifecycle-driven first-party AI-agent extension setup, which warrants a warning, but the behavior is bounded to copying bundled package content and explicit skills CLI installation. No concrete malicious chain such as credential theft, exfiltration, remote payload execution, or unconsented foreign control-surface hijack was found.
Evidence
  • package.json
  • scripts/postinstall.sh
  • scripts/install.sh
  • scripts/ai-flow-skills-cli.sh
  • scripts/build.sh
  • scripts/sync-docs.sh
  • ~/.ai-flow/knowledge
  • ~/.ai-flow/flow-solutions
  • agent target directories managed by npx skills add
  • user-specified copy-to target
Network endpoints: 1
registry.npmjs.org via npm view digitalsee-ai-flow-skills version

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: bash scripts/postinstall.sh
  • scripts/postinstall.sh writes bundled knowledge and flow-solutions into ~/.ai-flow during npm install
  • scripts/install.sh and CLI install invoke npx skills add to install bundled skills for selected agents
  • scripts/build.sh and scripts/sync-docs.sh contain rm -rf cleanup commands for local build/source directories
Evidence against
  • No credential, token, SSH, npmrc, browser, or environment harvesting found
  • No install-time remote payload download or exfiltration endpoint found
  • CLI network use is limited to explicit npm view digitalsee-ai-flow-skills version check
  • Install/copy logic uses bundled docs/configs and preserves existing flow-solutions files
Behavioral surface
  • Source: No risky source behavior triggered.
  • Supply chain: No supply-chain packaging signals triggered.
  • Manifest: No manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged
package.json
scripts.postinstall = bash scripts/postinstall.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = bash scripts/postinstall.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

scripts/install.sh
path = scripts/install.sh kind = build_helper sizeBytes = 3815 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

Findings

1 High · 2 Medium · 1 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Ships Build Helper (scripts/install.sh)
  • Low: Scripts Present