AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Confirmed unconsented npm postinstall mutation of broad AI-agent control surfaces. The package installs bundled skills, output styles, and agent prompts into multiple home-directory AI IDE locations and writes Peaks config during install.
Decision evidence
public snapshot- package.json defines postinstall: node ./scripts/install-skills.mjs.
- scripts/install-skills.mjs postinstall fan-outs bundled skills to ~/.claude, ~/.trae, ~/.trae-cn, ~/.codex, ~/.cursor, ~/.qoder, ~/.tongyi-lingma, ~/.hermes, ~/.openclaw.
- scripts/install-skills.mjs copies bundled agents to AI-agent agent dirs and writes .peaks-managed marker files.
- scripts/install-skills.mjs creates/updates ~/.peaks/config.json during postinstall.
- scripts/install-skills.mjs may spawnSync('peaks', ['upgrade', ...]) from postinstall when 1.x project state is detected.
- No HTTP/fetch exfiltration endpoints found in inspected install path.
- Install script uses package-bundled skills/output-styles/agents, not downloaded remote payloads.
- Existing non-managed files are skipped rather than overwritten in several install paths.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/src/shared/process.jsView on unpkg · L1Package source references shell execution.
dist/src/services/upgrade/upgrade-service.jsView on unpkg · L182Package source references dynamic require/import behavior.
dist/src/cli/commands/loop-eval-commands.jsView on unpkg · L478Package source references weak cryptographic algorithms.
dist/src/services/code/job-shape-decision.jsView on unpkg · L92Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skills.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/src/cli/commands/playwright-commands.jsView on unpkg · L27Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/cli/commands/playwright-commands.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/code-review/ocr-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/artifacts/artifact-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/workspace/migrate-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/cli/commands/session-auto-compact-hook-command.jsView on unpkg