AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. An npm postinstall mutates the broad Claude Code skill control surface without user action. It installs package-authored skill instructions and scripts, then executes a copied sync helper.
Decision evidence
public snapshot- `package.json` runs `node install.js` as `postinstall`.
- `install.js` unconditionally copies package content into `~/.claude/skills/hyper-animator`.
- `install.js` writes `~/.claude/skills/hyper-animator/.env` during install.
- `install.js` rewrites installed `SKILL.md` frontmatter.
- Postinstall executes copied `sync-catalog.py`, which invokes the external `hyperframes` CLI.
- No credential exfiltration found in the inspected installer.
- MiniMax API calls are in explicit generation helpers, not the installer.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
install.jsView on unpkg · L12Source file is highly similar to a previously finalized malicious package; route for source-aware review.
install.jsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
install.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
skills/hyper-animator/scripts/lint-html.pyView on unpkg