AI Security Review
scanned 4h ago · by lpm-firewall-ai
The package performs install-time mutation of broad AI-agent control surfaces in the user's home directory. This is lifecycle-triggered and not limited to a first-party app-owned namespace.
Decision evidence
public snapshot
- package.json defines postinstall: node ./scripts/install-skills.mjs.
- scripts/install-skills.mjs runs on lifecycle and iterates all IDE profiles, not only an explicit user-selected one.
- installBundledSkillsForAllPlatforms symlinks bundled skills into ~/.claude, ~/.trae, ~/.codex, ~/.cursor, ~/.qoder, ~/.tongyi-lingma, ~/.hermes, and ~/.openclaw skills dirs.
- installBundledAgentsForAllPlatforms copies package agent prompt agents/karpathy-reviewer.md into ~/.claude/agents by default.
- Lifecycle also creates ~/.peaks/config.json with default provider/token structure and can spawn peaks upgrade --to 2.0 --auto for detected 1.x projects.
- Installer has PEAKS_SKIP_* opt-out env vars and symlink/hardlink safety checks.
- No credential harvesting or exfiltration endpoints found in inspected lifecycle path.
- Bundled content is product-aligned workflow/agent instructions rather than an obfuscated payload.
- Existing non-managed local skill/agent/output-style files are skipped rather than overwritten.
Source & flagged code
12 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/src/shared/process.js · L1)
- Package source references shell execution. (dist/src/services/upgrade/upgrade-service.js · L151)
- Package source references dynamic require/import behavior. (dist/src/cli/commands/loop-eval-commands.js · L478)
- Package source references weak cryptographic algorithms. (dist/src/services/solo/job-shape-decision.js · L92)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/install-skills.mjs · L1)
- Package source invokes a package manager install command at runtime. (dist/src/cli/commands/playwright-commands.js · L27)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/src/cli/commands/playwright-commands.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/src/services/code-review/ocr-service.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/src/services/artifacts/artifact-service.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/src/services/workspace/migrate-service.js)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/src/cli/commands/session-auto-compact-hook-command.js)