registry  /  enterprise-skills  /  3.2.0

enterprise-skills@3.2.0

Enterprise AI Skills Platform CLI — init, install, audit, and adapt skills across any IDE

AI Security Review

scanned 5h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package is an AI skills CLI with explicit user-command project setup that can install first-party Cursor hooks and contact package-aligned services.

Static reason
No blocking static signals were detected.
Trigger
User runs enterprise-skills init, onboard, setup-hooks, license, sync, update, feedback, or other CLI commands.
Impact
Cursor hooks can gate prompts and create .project-ai orchestration artifacts; telemetry/feedback/license flows send bounded package data to vendor APIs.
Mechanism
User-invoked AI-agent hook setup and package-aligned telemetry/content APIs
Rationale
Static inspection shows a user-invoked first-party agent extension setup path and package-aligned network telemetry/content flows, but no npm install-time hijack, exfiltration, remote payload execution, or destructive behavior. This is not malicious; the remaining risk is the documented agent hook lifecycle behavior.
Evidence
package.jsondist/index.jsdist/lib/cursor-hooks.jstemplates/cursor-hooks/input-gateway.mjsdist/telemetry.jsdist/feedback.jsdist/content.jsdist/lib/commercial-layer.js.cursor/hooks.json.cursor/hooks/enterprise-skills/input-gateway.mjs.cursor/hooks/enterprise-skills/session-start.mjs.cursor/hooks/enterprise-skills/stop-signal-active.mjs.project-ai/orchestration-hooks.json.project-ai/skill-outputs/_task-contract.yaml~/.enterprise-skills/.telemetry-queue.json~/.enterprise-skills/.feedback-queue.json~/.enterprise-skills/skills/*.md~/.enterprise-skills/registry/canonical-skills.yaml
Network endpoints5
enterpriseskills.ai/api/skills-bundleenterpriseskills.ai/pricingenterprise-skills-site.vercel.app/apienterprise-skills-site.vercel.app/api/telemetryenterprise-skills-site.vercel.app/api/feedback

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/lib/cursor-hooks.js installs .cursor/hooks/enterprise-skills scripts and merges .cursor/hooks.json when setup/init/onboard commands are run.
  • templates/cursor-hooks/input-gateway.mjs hooks userPromptSubmit, reads prompt stdin, runs enterprise-skills orchestrate start-task, and can block on decision=block.
  • dist/index.js flushes telemetry and feedback after CLI actions; dist/telemetry.js posts queued events with local license_key to enterprise-skills-site.vercel.app.
  • dist/lib/commercial-layer.js can spawn local commercial pre/post onboard scripts discovered from explicit/env/project paths during onboard.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts.
  • Cursor hook installation is user-invoked via CLI init/onboard/setup-hooks, not npm install-time mutation.
  • Network endpoints are package-aligned licensing, bundle, update, telemetry, and feedback APIs.
  • dist/content.js sanitizes downloaded bundle entries, bounds size/count, and restricts skill writes to safe .md basenames.
  • No credential harvesting, broad file collection, remote shell payload, persistence outside documented project/home config, or destructive behavior found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 34 file(s), 240 KB of source, external domains: enterprise-skills-site.vercel.app, enterpriseskills.ai

Source & flagged code

4 flagged · loading source
dist/lib/cursor-hooks.jsView file
Published source reference
Medium
Ai Review Evidence

dist/lib/cursor-hooks.js installs .cursor/hooks/enterprise-skills scripts and merges .cursor/hooks.json when setup/init/onboard commands are run.

dist/lib/cursor-hooks.jsView on unpkg
templates/cursor-hooks/input-gateway.mjsView file
Published source reference
Medium
Ai Review Evidence

templates/cursor-hooks/input-gateway.mjs hooks userPromptSubmit, reads prompt stdin, runs enterprise-skills orchestrate start-task, and can block on decision=block.

templates/cursor-hooks/input-gateway.mjsView on unpkg
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

dist/index.js flushes telemetry and feedback after CLI actions; dist/telemetry.js posts queued events with local license_key to enterprise-skills-site.vercel.app.

dist/index.jsView on unpkg
dist/lib/commercial-layer.jsView file
Published source reference
Medium
Ai Review Evidence

dist/lib/commercial-layer.js can spawn local commercial pre/post onboard scripts discovered from explicit/env/project paths during onboard.

dist/lib/commercial-layer.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/lib/cursor-hooks.js
MediumAi Review Evidencetemplates/cursor-hooks/input-gateway.mjs
MediumAi Review Evidencedist/index.js
MediumAi Review Evidencedist/lib/commercial-layer.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License