AI Security Review
scanned 8h ago · by lpm-firewall-ai

The package performs unconsented install-time mutation of multiple AI-agent control surfaces. The behavior is package-aligned but broad and lifecycle-triggered, which is blockable under the firewall policy.
Decision evidence
public snapshot
- package.json defines postinstall: node ./scripts/install-skills.mjs.
- scripts/install-skills.mjs postinstall symlinks bundled skills into ~/.claude, ~/.codex, ~/.cursor, ~/.trae, ~/.qoder, ~/.tongyi-lingma and others.
- scripts/install-skills.mjs copies bundled agent prompts into ~/.claude/agents and output styles into ~/.claude/output-styles by default.
- scripts/install-skills.mjs creates/updates ~/.peaks/config.json during postinstall and may spawn `peaks upgrade --to 2.0 --auto` for detected 1.x projects.
- Bundled SKILL.md files contain agent workflow instructions intended for AI IDE control surfaces.
- No credential harvesting or external exfiltration endpoints found in inspected lifecycle code.
- Network URLs observed are repository/homepage metadata; Playwright npx use is behind an explicit CLI command, not import-time.
- Lifecycle installer has opt-out env vars and symlink/marker safety checks, but these do not make the default install user-consented.
Source & flagged code
12 flagged
- package.json: Package defines install-time lifecycle scripts.
- dist/src/shared/process.js (L1): Package source references child process execution.
- dist/src/services/upgrade/upgrade-service.js (L151): Package source references shell execution.
- dist/src/cli/commands/loop-eval-commands.js (L478): Package source references dynamic require/import behavior.
- dist/src/services/solo/job-shape-decision.js (L92): Package source references weak cryptographic algorithms.
- scripts/install-skills.mjs (L1): Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- dist/src/cli/commands/playwright-commands.js (L27): Package source invokes a package manager install command at runtime.
- dist/src/cli/commands/playwright-commands.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/src/services/code-review/ocr-service.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/src/services/artifacts/artifact-service.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/src/services/workspace/migrate-service.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/src/cli/commands/session-auto-compact-hook-command.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.