registry  /  resuggestor  /  1.0.1

resuggestor@1.0.1

Cursor skill for frontend performance optimization — install with npm and use /resuggestor in chat

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates Cursor agent configuration during npm postinstall by installing a project hook that can influence future agent replies. This is unconsented install-time modification of a broad AI-agent control surface.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install resuggestor in a project
Impact
Future Cursor Write tool events can receive package-controlled additional_context instructions.
Mechanism
postinstall writes Cursor hook and hooks.json
Policy narrative
On npm install, postinstall runs install.js, which copies the Cursor skill into the project and installs a postToolUse Write hook plus hooks.json. The hook emits additional_context telling the agent how to respond after writing a resuggestor canvas. Although aligned with package functionality and not exfiltrating data, it is install-time mutation of Cursor’s agent control surface without a separate user command or consent step.
Rationale
Source inspection confirms automatic postinstall writes to .cursor hooks.json and an executable hook that injects agent instructions, which meets the firewall policy for blocking unconsented install-time mutation of a broad AI-agent control surface. Other risky primitives appear user-invoked or package-aligned, but they do not neutralize the postinstall control-surface mutation. Product guard normalized a concrete AI-agent control hijack publish_block to the blockable dangerous-capability shape.
Evidence
package.jsoninstall.jslib/copy.mjstemplates/.cursor/hooks.jsontemplates/.cursor/hooks/resuggestor-post-canvas-write.shlib/mcp.mjslib/gitlab.mjs.cursor/skills/resuggestor.cursor/hooks/resuggestor-post-canvas-write.sh.cursor/hooks.json.gitignore
Network endpoints2
registry.npmjs.org/gitlab.com

Decision evidence

public snapshot
AI called this Malicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • package.json runs postinstall: node install.js.
  • install.js calls installSkillFiles during npm install.
  • lib/copy.mjs copies templates/.cursor/hooks into project .cursor/hooks and merges .cursor/hooks.json.
  • templates/.cursor/hooks.json registers postToolUse Write hook.
  • resuggestor-post-canvas-write.sh injects additional_context into Cursor after matching Write operations.
Evidence against
  • No credential harvesting or exfiltration found in install path.
  • GitLab token handling is prompted/user-configured and used for GitLab API calls.
  • chrome-devtools-mcp global install is interactive configure-time, not automatic postinstall.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 22.2 KB of source, external domains: gitlab.com, registry.npmjs.org

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
lib/mcp.mjsView file
2import path from 'node:path'; L3: import { execSync } from 'node:child_process'; L4: import { globalMcpPath } from './paths.mjs';
High
Child Process

Package source references child process execution.

lib/mcp.mjsView on unpkg · L2
2import path from 'node:path'; L3: import { execSync } from 'node:child_process'; L4: import { globalMcpPath } from './paths.mjs'; ... L6: const SERVER_KEY = 'chrome-devtools'; L7: const NPM_INSTALL_CMD = 'npm install -g chrome-devtools-mcp --registry=https://registry.npmjs.org/'; L8:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/mcp.mjsView on unpkg · L2
templates/.cursor/hooks/resuggestor-post-canvas-write.shView file
path = templates/.cursor/hooks/resuggestor-post-canvas-write.sh kind = payload_in_excluded_dir sizeBytes = 842 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

templates/.cursor/hooks/resuggestor-post-canvas-write.shView on unpkg
path = templates/.cursor/hooks/resuggestor-post-canvas-write.sh kind = build_helper sizeBytes = 842 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

templates/.cursor/hooks/resuggestor-post-canvas-write.shView on unpkg
lib/paths.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = resuggestor@1.0.0 matchedIdentity = npm:cmVzdWdnZXN0b3I:1.0.0 similarity = 0.429 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/paths.mjsView on unpkg

Findings

1 Critical5 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltalib/paths.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processlib/mcp.mjs
HighShell
HighRuntime Package Installlib/mcp.mjs
HighPayload In Excluded Dirtemplates/.cursor/hooks/resuggestor-post-canvas-write.sh
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Build Helpertemplates/.cursor/hooks/resuggestor-post-canvas-write.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings