AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The package is an agent skill/tool manager that can explicitly install skills and hooks into Claude/Codex/Cursor-style directories when the user runs its CLI.
Decision evidence
public snapshot- bin/cli.js exposes user-invoked hskill hooks install for claude/codex hook registration.
- lib/installer.js writes ~/.claude/settings.json or project .claude/settings.json hook entries.
- lib/installer.js writes ~/.codex/hooks.json and copies hook scripts into ~/.codex/hooks or project .codex/hooks.
- lib/installer.js can append package tool snippets to ~/.zshrc after TTY confirmation.
- bin/cli.js update runs npm install -g harveyz-skill@latest only when user invokes hskill update.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/cli.js is a CLI bin entrypoint; risky actions are subcommands or interactive selections, not import/install-time execution.
- No credential harvesting or external exfiltration endpoint found in inspected hot paths.
- Hook script hooks/check-similar-branch/check-similar-branch.sh checks git branch creation and calls local claude CLI; no exfiltration seen.
- Scanner blob/test findings are fixtures or __init__.py files, not active install payloads.
Source & flagged code
9 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/cli.jsView on unpkg · L161Source writes installer persistence such as shell profile or service configuration.
lib/installer.jsView on unpkg · L56Package ships non-JavaScript build or shell helper files.
tools/sync-agent/sync_agent/syncthing.pyView on unpkgPackage ships compressed or archive-like blobs.
skills/writing/forge-doc/tests/fixtures/full-test-rb.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
skills/writing/forge-doc/tests/fixtures/full-test-rb.docxView on unpkgPackage ships high-entropy non-source blobs.
skills/writing/forge-doc/tests/fixtures/full-test-thesis.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
tools/sync-agent/tests/__init__.pyView on unpkg