AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package triggers an unconsented postinstall mutation of agent control surfaces in the consuming project. It replaces package-provided skill directories across multiple AI-agent platforms and then launches a broad skills sync.
Decision evidence
public snapshot- `package.json` runs `scripts/install.js` on `postinstall`.
- `scripts/install.js` locates the consuming project via `INIT_CWD`/cwd.
- Postinstall deletes and replaces four project agent-skill paths.
- It writes `.agents`, `.cursor`, `.claude`, and `.codex` control surfaces.
- It invokes `npx skills experimental_sync -y -a '*'` during installation.
- Skill contents are pitch and investor-diligence guidance, not credential collection.
- No hard-coded exfiltration endpoint, secret harvesting, eval, or payload loader found.
- Plugin manifests only declare the package's `skills` directory.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.jsView on unpkg · L7Package source references child process execution.
scripts/install.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
scripts/install.jsView on unpkg · L11