AI Security Review
scanned 11h ago · by lpm-firewall-ai
The package's npm lifecycle hook modifies broad AI-agent control surfaces in the user's home directory during npm install. It places package-supplied skills, output styles, and Claude agent prompts into the Claude, Codex, Cursor and other IDE namespaces without any explicit user-invoked command.
Decision evidence
public snapshot
- package.json defines postinstall: node ./scripts/install-skills.mjs
- scripts/install-skills.mjs, run at postinstall, symlinks bundled skills into ~/.claude, ~/.codex, ~/.cursor, ~/.trae, ~/.qoder and other IDE skill directories
- scripts/install-skills.mjs copies bundled agent prompts into ~/.claude/agents with managed overwrite markers
- scripts/install-skills.mjs writes ~/.peaks/config.json during install unless opt-out env vars are set
- scripts/install-skills.mjs can auto-run peaks upgrade --to 2.0 --auto, whose upgrade-service includes hooks install and skill sync steps
- agents/karpathy-reviewer.md is a package-supplied Claude sub-agent prompt with Bash tool access
- Install script uses symlink/marker safety checks and preserves unmanaged local files
- No credential harvesting or network exfiltration endpoints found in inspected install path
- Bundled content appears product-aligned for a workflow/agent CLI rather than classic malware
Source & flagged code
11 flagged
- Package defines install-time lifecycle scripts: package.json
- Package source references child process execution: dist/src/shared/process.js (line 1)
- Package source references shell execution: dist/src/services/upgrade/upgrade-service.js (line 151)
- Package source references dynamic require/import behavior: dist/src/cli/commands/loop-eval-commands.js (line 478)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions: scripts/install-skills.mjs (line 1)
- Package source invokes a package manager install command at runtime: dist/src/cli/commands/playwright-commands.js (line 27)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review: dist/src/cli/commands/playwright-commands.js
- Source file is highly similar to a previously finalized malicious package; route for source-aware review: dist/src/services/code-review/ocr-service.js
- Source file is highly similar to a previously finalized malicious package; route for source-aware review: dist/src/services/artifacts/artifact-service.js
- Source file is highly similar to a previously finalized malicious package; route for source-aware review: dist/src/services/workspace/migrate-service.js
- Source file is highly similar to a previously finalized malicious package; route for source-aware review: dist/src/cli/commands/session-auto-compact-hook-command.js