AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time script mutates broad AI-agent control surfaces across multiple IDEs. This is unconsented postinstall setup of skills, agents, output styles, and config outside the package directory.
Decision evidence
public snapshot- package.json defines postinstall: node ./scripts/install-skills.mjs
- scripts/install-skills.mjs postinstall symlinks bundled skills into ~/.claude, ~/.trae, ~/.codex, ~/.cursor, ~/.qoder, ~/.tongyi-lingma, ~/.hermes, ~/.openclaw, ~/.zcode
- scripts/install-skills.mjs copies bundled agents/*.md into AI-agent agents dirs such as ~/.claude/agents
- scripts/install-skills.mjs writes ~/.peaks/config.json and AI output-styles with .peaks-managed markers
- scripts/install-skills.mjs may spawn `peaks upgrade --to 2.0 --auto --project ...` during postinstall when 1.x project state is detected
- No credential harvesting or exfiltration endpoints found in inspected postinstall path
- Writes are package-branded Peaks skills/agents/output-styles rather than obfuscated payloads
- Uses symlink/marker validation and skip env vars such as PEAKS_SKIP_SKILL_INSTALL and PEAKS_SKIP_AGENT_INSTALL
- bin/peaks.js only imports dist/src/cli/index.js; CLI behavior is user-invoked
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/src/shared/process.jsView on unpkg · L1Package source references shell execution.
dist/src/services/upgrade/upgrade-service.jsView on unpkg · L182Package source references dynamic require/import behavior.
dist/src/cli/commands/loop-eval-commands.jsView on unpkg · L478Package source references weak cryptographic algorithms.
dist/src/services/code/job-shape-decision.jsView on unpkg · L92Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skills.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/src/cli/commands/playwright-commands.jsView on unpkg · L27Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/cli/commands/playwright-commands.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/code-review/ocr-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/artifacts/artifact-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/services/workspace/migrate-service.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/src/cli/commands/session-auto-compact-hook-command.jsView on unpkg