AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a video composition CLI that can install/update HyperFrames AI-agent skills into multiple local agent skill directories during user-invoked setup. This is a lifecycle risk but not confirmed malware because there is no npm install hook and the behavior is documented/first-party.
Decision evidence
public snapshot- dist/cli.js:117283 makes init skip skills only when HYPERFRAMES_SKIP_SKILLS=1; --skip-skills is logged as ignored.
- dist/cli.js:117398 calls keepSkillsCurrent during non-interactive init, which runs skills update by default.
- dist/cli.js:83183-83248 shells out to npx skills add/remove for https://github.com/heygen-com/hyperframes.
- dist/cli.js:83033-83116 enumerates many agent skill directories including codex, claude-code, cursor, gemini-cli, etc.
- dist/cli.js:78693 and dist/studio/index.js:1661 send usage telemetry to PostHog when enabled.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- The agent skill mutation is tied to explicit hyperframes init/skills commands, not npm install/import time.
- Skill source is first-party heygen-com/hyperframes and names are regex-sanitized before install/remove.
- Network endpoints largely align with CLI features: GitHub skill/asset fetch, HeyGen publish/feedback, PostHog telemetry, optional OpenRouter/Gemini vision with env keys.
- No source evidence of credential harvesting, destructive filesystem behavior, or remote payload execution outside declared CLI features.
Source & flagged code
3 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/studio/index.jsView on unpkg · L192Package contains source files above the static scanner size ceiling.
dist/studio/assets/index-BtAysyap.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.jsView on unpkg