AI Security Review
scanned 7m ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates broad AI-agent control surfaces during npm postinstall by copying its skill into multiple agent directories. The installed skill appears domain-aligned, but the install-time unconsented agent extension deployment is a concrete policy-blocking behavior.
Decision evidence
public snapshot- package.json defines postinstall: node bin/cli.js install --postinstall
- bin/cli.js postinstall path calls install(true) without prompting
- bin/cli.js copies package skill/ into six AI-agent skill directories under user home
- Targets broad/foreign agent control surfaces: .claude, .github/copilot, .cursor, .antigravity, .codex, .devin
- No network or exfiltration endpoints found in inspected source
- Skill content is aligned with Android Perfetto analysis
- Python helpers are user-invoked from the installed skill, not npm install-time
- No credential/env harvesting, eval/vm/Function, native binary loading, or remote payload fetch found
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/cli.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
skill/scripts/parse_perfetto_pb.pyView on unpkg