AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/install.mjs` copies package-controlled skills, agents, and workflow JS into `~/.claude/` by default.
- The installed `workflows/milestone-pipeline.js` can direct agent-driven GitHub issue/PR operations when invoked.
- The CLI is exposed as `rk-skills`; there are no npm lifecycle hooks in `package.json`.
- `package.json` contains no `preinstall`, `install`, or `postinstall` script.
- `bin/install.mjs` performs only local `mkdirSync`/`cpSync`; it has no network, shell, eval, or credential access.
- Installation is activated by an explicit `npx rk-skills` command, not package installation.
- Reviewed agent/skill files contain GitHub workflow instructions, not hidden payload delivery or secret harvesting.
Source & flagged code
3 flagged · loading source`bin/install.mjs` copies package-controlled skills, agents, and workflow JS into `~/.claude/` by default.
bin/install.mjsView on unpkgThe installed `workflows/milestone-pipeline.js` can direct agent-driven GitHub issue/PR operations when invoked.
workflows/milestone-pipeline.jsView on unpkgThe CLI is exposed as `rk-skills`; there are no npm lifecycle hooks in `package.json`.
package.jsonView on unpkg