AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack surface. The main residual risk is explicit user-command installation of first-party AI-agent skills into common agent config locations.
Decision evidence
public snapshot- install.js explicitly copies bundled SKILL.md files into .claude/skills, .cursor/rules, copilot-instructions.md, or AGENTS.md when invoked.
- scripts/sync-skills.js has --apply path that runs git push, npm version, and npm publish, but it is a maintainer sync script, not lifecycle-triggered.
- scripts/crawl-site.js performs user-supplied HTTP/HTTPS crawling and writes markdown output files.
- package.json defines no preinstall/install/postinstall/prepare lifecycle hooks.
- bin/docs-skills.js only dispatches explicit CLI commands; import-time behavior is help/list/info unless a command is supplied.
- No credential/env harvesting, obfuscation, eval/vm/Function, native binary loading, or remote payload execution found.
- Network endpoints are package/user-aligned: docsbook.io/github URLs in docs/index metadata and user-provided crawl URLs.
- sync-skills.js is dry-run by default and requires --apply for mutating git/npm actions.
Source & flagged code
3 flagged · loading sourceSource mutates package metadata and republishes itself to npm.
scripts/sync-skills.jsView on unpkg · L8Package source references child process execution.
scripts/sync-skills.jsView on unpkg · L26Package source references dynamic require/import behavior.
bin/docs-skills.jsView on unpkg · L1