AI Security Review
scanned 3d ago · by lpm-firewall-ai

Install-time lifecycle mutates AI-agent control surfaces in user home directories. It installs package-supplied skills, output styles, and Claude agent prompts without requiring an explicit user command beyond npm install.
Decision evidence
public snapshot
- package.json defines postinstall: node ./scripts/install-skills.mjs
- scripts/install-skills.mjs runs on lifecycle and calls installBundledSkillsForAllPlatforms, installBundledOutputStyles, installBundledAgentsForAllPlatforms
- postinstall symlinks package skills into ~/.claude, ~/.trae, ~/.codex, ~/.cursor, ~/.qoder, ~/.tongyi-lingma and related skills dirs
- postinstall copies agent prompt agents/karpathy-reviewer.md into ~/.claude/agents with managed marker files
- postinstall writes ~/.peaks/config.json and may spawn peaks upgrade for detected 1.x projects
- No credential harvesting or external exfiltration found in inspected hot files
- Network URLs in inspected package are documentation/readme links or user-invoked npx playwright-mcp@latest runtime behavior
- Child process usage is mostly CLI orchestration after user commands, except the postinstall auto-upgrade spawn
Source & flagged code
6 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/src/shared/process.js, line 1)
- Package source references shell execution. (dist/src/services/upgrade/upgrade-service.js, line 151)
- Package source references dynamic require/import behavior. (dist/src/cli/commands/loop-eval-commands.js, line 478)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/install-skills.mjs, line 1)
- Package source invokes a package manager install command at runtime. (dist/src/cli/commands/playwright-commands.js, line 27)