AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `remarque skills add` or another `remarque skills` subcommand.
Impact
Can add the package's bundled review instructions to selected or global coding-agent configurations.
Mechanism
Explicit delegated AI-agent skill installation via npx.
Rationale
No concrete malicious chain was found, but the explicit agent-skill installer is a real capability that can modify agent control surfaces through a delegated tool. Under the stated policy, this warrants a warning rather than a block.
Evidence
package.jsondist/skills.jsdist/git.jsdist/config.jsdist/store/json-backend.jsskills/remarque-review/SKILL.mdskills/remarque-address/SKILL.mdskills/remarque-rereview/SKILL.md.gitignore
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/skills.js` runs `npx --yes skills@1 add` when the user invokes `remarque skills`.
- The delegated `skills add` command can install bundled agent skills, including global agent targets.
- On Windows, `dist/skills.js` uses `spawnSync(..., { shell: true })` for this explicit subcommand.
Evidence against
- `package.json` lifecycle hooks only compile TypeScript and chmod the CLI; no install-time agent mutation.
- `dist/git.js` invokes fixed `git` arguments for local repository inspection, not shell strings.
- No HTTP client, credential harvesting, exfiltration, eval, remote payload loader, or destructive file operation was found in bundled JS.
- `dist/config.js` writes only review storage configuration and an optional repository `.gitignore` entry through `remarque init`.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
Source & flagged code
2 flagged · loading sourcedist/git.jsView file
14exports.emptyTree = emptyTree;
L15: const node_child_process_1 = require("node:child_process");
L16: class GitError extends Error {
High
dist/skills.jsView file
21const result = isWindows
L22: ? (0, node_child_process_1.spawnSync)("npx", argv.map(quoteArg), { stdio: "inherit", shell: true })
L23: : (0, node_child_process_1.spawnSync)("npx", argv, { stdio: "inherit" });
...
L25: const err = result.error;
L26: const hint = err.code === "ENOENT" ? " (is Node/npx installed and on your PATH?)" : "";
L27: process.stderr.write(`remarque: could not run npx${hint}: ${err.message}\n`);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/skills.jsView on unpkg · L21Findings
2 High1 Medium3 Low
HighChild Processdist/git.js
HighRuntime Package Installdist/skills.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem