AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `incanto-skills` (for example through npx).
Impact
Changes agent guidance available in the caller project; no automatic installation, exfiltration, or remote payload execution was found.
Mechanism
Copies first-party skill files into a selected AI-agent configuration path.
Rationale
The package is not malicious by source inspection, but policy requires a warning for explicit first-party AI-agent skill installation. The remaining dynamic imports and network references are package-aligned game-engine functionality.
Evidence
package.jsonbin/incanto-skills.mjsbin/incanto-editor.mjsbin/incanto-assets.mjsbin/incanto-env.mjsdist/index.jsskills/incanto-*.md.claude/skills/<skill-name>/SKILL.md.claude/skills/incanto-skills.json
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/incanto-skills.mjs` explicitly copies package skills into `.claude/skills` by default.
- The same command writes `incanto-skills.json` in the selected project output.
- This agent-surface mutation is user-invoked via the `incanto-skills` bin, not install-time.
Evidence against
- `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
- Reviewed CLI files show no credential harvesting, shell execution, eval/vm use, or destructive filesystem actions.
- `bin/incanto-editor.mjs` binds to loopback by default and bounds scene-file writes to project `*.scene.json` paths.
- Network code is game-asset preloading and an optional Agent8 transport, not package telemetry or exfiltration.
Behavioral surface
ChildProcessDynamicRequireFilesystemNetwork
HighEntropyStringsMinifiedProtestwareUrlStrings
NoLicense
Oversized source lightweight scan
editor/assets/rapier-DE6a0vmv.js2.13 MB file, sampled 256 KB
NetworkMinified
Source & flagged code
3 flagged · loading sourcebin/incanto-assets.mjsView file
84if (entry.animation) {
L85: const { spriteFromLibraryMeta } = await import(
L86: pathToFileURL(join(PKG, 'dist', '2d.js')).href
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/incanto-assets.mjsView on unpkg · L84assets/audio/attacked.mp3View file
•path = assets/audio/attacked.mp3
kind = high_entropy_blob
sizeBytes = 8757
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
assets/audio/attacked.mp3View on unpkgeditor/assets/rapier-DE6a0vmv.jsView file
•path = editor/assets/rapier-DE6a0vmv.js
kind = oversized_source_file
sizeBytes = 2236503
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
editor/assets/rapier-DE6a0vmv.jsView on unpkgFindings
2 High4 Medium5 Low
HighShips High Entropy Blobassets/audio/attacked.mp3
HighOversized Source Fileeditor/assets/rapier-DE6a0vmv.js
MediumDynamic Requirebin/incanto-assets.mjs
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License