AI Security Review
scanned 19m ago · by lpm-firewall-ai
No confirmed install-time malware was found, but the user-invoked CLI mutates broad AI-agent control surfaces and can launch local agents with disabled permission/sandbox flags. This is a dangerous agent platform capability rather than a silent npm lifecycle hijack.
Decision evidence
public snapshot
- bin/imhcode.js default init copies package CLAUDE.md, AGENTS.md, and full skills/ into ~/.claude, ~/.gemini, and ~/.copilot.
- bin/imhcode.js overwrites ~/.imhcode agents/skills/docs and installs shims in ~/.imhcode/bin and ~/.local/bin, with shell rc PATH edits.
- bin/imhcode.js ensureCavemanAndGraphify may run npm install -g skills and npx skills add juliusbrussee/caveman during init.
- src/orchestrator/executor.ts live adapters spawn local AI CLIs; OpenCode uses --dangerously-skip-permissions and Codex uses --dangerously-bypass-approvals-and-sandbox.
- Generated sprint scripts execute imhcode agent run ... --live via shell when user runs imhcode execute/test.
- package.json has no preinstall/install/postinstall lifecycle hooks, so behavior is not npm-install triggered.
- The broad writes are reached by the user-invoked imhcode initializer, not import-time execution.
- No credential harvesting, secret scanning, or data exfiltration path was found in inspected entrypoints.
- Network activity is package-aligned tooling/model setup or bundled skill utilities, not silent exfiltration.
- Shell execution primarily runs generated project sprint/test scripts or selected local AI CLIs after explicit CLI commands.
Source & flagged code
22 flagged
- Package source references a known benign dynamic code generation pattern. File: skills/typeui-main/src/prompts/designSystem.ts · L18
- Source writes persistence or remote-access backdoor material. File: bin/imhcode.js · L24
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. File: bin/imhcode.js · L24
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. File: bin/imhcode.js
- Manifest entrypoint contains risky behavior absent from dist/build output. File: bin/imhcode.js · L24
- Package source references dynamic require/import behavior. File: bin/imhcode.js · L22
- Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths. File: skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
- Package ships non-JavaScript build or shell helper files. File: skills/ui-ux-pro-max/.claude/skills/design/scripts/cip/generate.py
- Package ships high-entropy non-source blobs. File: skills/theme-factory/theme-showcase.pdf
- Hardcoded password in skills/graphify/skill-windows.md. File: skills/graphify/skill-windows.md · L681
- Hardcoded password in skills/graphify/skill-trae.md. File: skills/graphify/skill-trae.md · L592
- Hardcoded password in skills/graphify/skill-pi.md. File: skills/graphify/skill-pi.md · L543
- Hardcoded password in skills/graphify/skill-codex.md. File: skills/graphify/skill-codex.md · L605
- Hardcoded password in skills/graphify/skill-kiro.md. File: skills/graphify/skill-kiro.md · L543
- Hardcoded password in skills/graphify/skill-copilot.md. File: skills/graphify/skill-copilot.md · L603
- Hardcoded password in skills/graphify/skill-opencode.md. File: skills/graphify/skill-opencode.md · L655
- Hardcoded password in skills/graphify/skill-aider.md. File: skills/graphify/skill-aider.md · L544
- Hardcoded password in skills/graphify/skill-claw.md. File: skills/graphify/skill-claw.md · L544
- Hardcoded password in skills/graphify/skill-droid.md. File: skills/graphify/skill-droid.md · L600
- Hardcoded password in skills/django-tdd/SKILL.md. File: skills/django-tdd/SKILL.md · L25
- Hardcoded password in skills/django-tdd/SKILL.md. File: skills/django-tdd/SKILL.md · L117
- Hardcoded password in skills/django-tdd/SKILL.md. File: skills/django-tdd/SKILL.md · L126