AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates broad AI-agent extension directories during npm postinstall by installing a bundled skill. This is an unconsented install-time write to multiple foreign agent control surfaces.
Decision evidence
public snapshot- package.json defines postinstall: node bin/cli.js install --postinstall
- bin/cli.js postinstall path copies bundled skill into multiple AI-agent skill directories under the user's home
- Targets broad/foreign agent control surfaces: .claude, .github/copilot, .cursor, .antigravity, .codex, .devin
- Install is silent during postinstall, so the agent extension mutation occurs without explicit user command
- No network endpoints, fetch/curl/wget/socket use, or exfiltration code found
- No credential/env harvesting found
- No eval/vm/Function or dynamic remote payload loading found
- Bundled skill content is package-aligned Perfetto/Android performance analysis documentation and local helper scripts
- Python helpers are user-invoked for adb/perfetto trace collection and parsing
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/cli.jsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
skill/scripts/parse_perfetto_pb.pyView on unpkg