AI Security Review
scanned 3h ago · by lpm-firewall-ai
LPM treats this as a warn-only first-party agent extension lifecycle risk. The package performs first-party AI Flow skill and knowledge installation, including install-time seeding into ~/.ai-flow. This is an agent extension lifecycle risk, but inspection did not find malicious exfiltration, remote code execution, or destructive persistence.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install (postinstall hook); explicit ai-flow-skills install / copy-to / check CLI commands
Impact
User AI Flow/agent environments may gain package-provided documentation and skills; no confirmed malicious behavior identified.
Mechanism
shell scripts copy bundled AI Flow knowledge, flow-solutions, and skill files
Rationale
Static source inspection confirms lifecycle-driven first-party AI-agent extension setup, which warrants a warning, but the behavior is bounded to copying bundled package content and explicit skills CLI installation. No concrete malicious chain such as credential theft, exfiltration, remote payload execution, or unconsented foreign control-surface hijack was found.
Evidence
- package.json
- scripts/postinstall.sh
- scripts/install.sh
- scripts/ai-flow-skills-cli.sh
- scripts/build.sh
- scripts/sync-docs.sh
- ~/.ai-flow/knowledge
- ~/.ai-flow/flow-solutions
- agent target directories managed by npx skills add
- user-specified copy-to target
Network endpoints (1)
- registry.npmjs.org via npm view digitalsee-ai-flow-skills version
Decision evidence
public snapshot: AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: bash scripts/postinstall.sh
- scripts/postinstall.sh writes bundled knowledge and flow-solutions into ~/.ai-flow during npm install
- scripts/install.sh and CLI install invoke npx skills add to install bundled skills for selected agents
- scripts/build.sh and scripts/sync-docs.sh contain rm -rf cleanup commands for local build/source directories
Evidence against
- No credential, token, SSH, npmrc, browser, or environment harvesting found
- No install-time remote payload download or exfiltration endpoint found
- CLI network use is limited to explicit npm view digitalsee-ai-flow-skills version check
- Install/copy logic uses bundled docs/configs and preserves existing flow-solutions files
Behavioral surface
Source & flagged code (3 flagged)
package.json
- scripts.postinstall = bash scripts/postinstall.sh
  - High · Install Time Lifecycle Scripts: Package defines install-time lifecycle scripts.
  - Medium · Ambiguous Install Lifecycle Script: Install-time lifecycle script is not statically allowlisted and needs review.
scripts/install.sh
- path = scripts/install.sh
- kind = build_helper
- sizeBytes = 3815
- magicHex = [redacted]
  - Medium · Ships Build Helper: Package ships non-JavaScript build or shell helper files.
Findings
1 High · 2 Medium · 1 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Ships Build Helper (scripts/install.sh)
- Low: Scripts Present
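The findings above (install-time hook, non-allowlisted hook command, shipped shell helper, scripts present) are the kind of static triage a reviewer can reproduce locally on an unpacked tarball before deciding whether to install with scripts enabled. The following is an added example, not lpm-firewall-ai's own code: it reads a package.json plus the shell helpers in the tarball and emits findings in the same spirit, including the rm -rf, npx and home-directory writes that the evidence list calls out. The allowlist, the helper patterns and their severities are this example's own assumptions, and the sample package is constructed to resemble the reviewed one, not taken from its tarball.

```python
"""Static triage of npm install-time lifecycle scripts and shipped shell helpers.
Added example, not the scanner's code; allowlist, patterns and severities are assumptions.
"""
import json
import re
from typing import Dict, List

# Hooks npm runs on its own during `npm install` of a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Whole-command allowlist (assumption for this example, not the scanner's list).
ALLOWLISTED_COMMANDS = {"node-gyp rebuild", "husky install"}

# Shell constructs in a shipped helper that deserve a finding; severities are this example's choices.
HELPER_PATTERNS = {
    "destructive_rm": (re.compile(r"\brm\s+-\w*[rf]\w*\b"), "Medium"),
    "remote_fetch": (re.compile(r"\b(curl|wget)\b"), "High"),
    "writes_dotdir_in_home": (re.compile(r"(\$HOME|~)/\.[\w.-]+"), "Medium"),
    "invokes_npx": (re.compile(r"\bnpx\s+\S+"), "Medium"),
}


def triage(package_json: str, files: Dict[str, str]) -> List[dict]:
    """Return findings (severity, rule, path, detail) for one unpacked package."""
    findings: List[dict] = []
    scripts = json.loads(package_json).get("scripts") or {}

    def add(severity: str, rule: str, path: str, detail: str) -> None:
        findings.append({"severity": severity, "rule": rule, "path": path, "detail": detail})

    # 1. Any install-time hook executes on the installing user's machine unasked.
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        add("High", "Install Time Lifecycle Scripts", "package.json", f"scripts.{hook} = {cmd}")
        if cmd.strip() not in ALLOWLISTED_COMMANDS:
            add("Medium", "Ambiguous Install Lifecycle Script", "package.json",
                f"scripts.{hook} is not allowlisted")
        # A hook pointing at a file absent from the tarball cannot be reviewed statically.
        for token in cmd.split():
            if token.endswith(".sh") and token not in files:
                add("High", "Lifecycle Script References Missing File", "package.json", token)

    # 2. Every shipped shell helper is reviewable surface, whether or not a hook calls it.
    for path in sorted(files):
        if not path.endswith(".sh"):
            continue
        body = files[path]
        add("Medium", "Ships Build Helper", path, f"{len(body.encode())} bytes")
        for name, (pattern, severity) in HELPER_PATTERNS.items():
            for match in pattern.finditer(body):
                line_no = body.count("\n", 0, match.start()) + 1
                add(severity, "Risky Helper Command", f"{path}:{line_no}", f"{name}: {match.group(0)}")

    # 3. Scripts of any kind get a low-severity note.
    if scripts:
        add("Low", "Scripts Present", "package.json", ", ".join(sorted(scripts)))
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per severity level."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


def worst(findings: List[dict]) -> str:
    """Highest severity present, or 'None' for a clean package."""
    for level in ("High", "Medium", "Low"):
        if any(f["severity"] == level for f in findings):
            return level
    return "None"


# Constructed sample package (not the real tarball), shaped like the reviewed one.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-ai-flow-skills",
    "version": "0.0.1",
    "scripts": {"postinstall": "bash scripts/postinstall.sh",
                "build": "bash scripts/build.sh", "test": "node test.js"},
})
SAMPLE_FILES = {
    "scripts/postinstall.sh": ('#!/usr/bin/env bash\nset -e\nmkdir -p "$HOME/.ai-flow/knowledge"\n'
                               'cp -R knowledge/. "$HOME/.ai-flow/knowledge/"\n'),
    "scripts/build.sh": "#!/usr/bin/env bash\nrm -rf dist\nmkdir dist\n",
    "scripts/install.sh": "#!/usr/bin/env bash\nnpx skills add ./skills  # constructed; real args may differ\n",
}

if __name__ == "__main__":
    report = triage(SAMPLE_PACKAGE_JSON, SAMPLE_FILES)
    for f in report:
        print(f"{f['severity']:<6} {f['rule']:<42} {f['path']}  {f['detail']}")
    print("verdict:", worst(report), summarize(report))
```

To run this against a real package, unpack the tarball from `npm pack <name>` and feed it the package.json text and a dict of the .sh files; a High verdict is the cue to read the hook script by hand or to install with `npm install --ignore-scripts` and run any seeding step explicitly, which is what turns an unasked-for postinstall into the consented install/copy-to commands the review describes.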