AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package triggers unconsented mutation of broad, foreign AI-agent control surfaces. It deploys package-controlled skills, prompts, and styles across multiple agent platforms and modifies user configuration.
Decision evidence
public snapshot- `package.json` runs `scripts/install-skills.mjs` as `postinstall`.
- `scripts/install-skills.mjs` fan-outs bundled skills to every configured AI-agent home directory, including `~/.codex/skills`, `~/.cursor/skills`, and `~/.claude/skills`.
- The postinstall creates symlinks to package-supplied skill directories and writes `.peaks-managed` markers.
- The postinstall copies package-supplied agent prompts into agent loader directories and writes output styles.
- The postinstall creates/updates `~/.peaks/config.json` and can invoke `peaks upgrade --auto` against the install CWD.
- Install script has opt-out environment variables and symlink/path-integrity checks.
- No network request or credential-exfiltration behavior was found in the inspected postinstall path.
- Bundled skill text includes directions not to persist sensitive browser/session data.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/shared/process.jsView on unpkg · L1Package source references shell execution.
dist/services/upgrade/upgrade-service.jsView on unpkg · L182Package source references dynamic require/import behavior.
dist/cli/commands/loop-eval-commands.jsView on unpkg · L478Package source references weak cryptographic algorithms.
dist/services/code/job-shape-decision.jsView on unpkg · L92Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skills.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli/commands/playwright-commands.jsView on unpkg · L27Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli/commands/playwright-commands.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/code-review/ocr-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/artifacts/artifact-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/runtime/vendors/codex.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/services/runtime/vendors/copilot.jsView on unpkg