registry  /  rk-skills  /  1.7.0

rk-skills@1.7.0

Installer for Claude Code workflow skills — GitHub issue/PR/release automation and Fable-driven planning.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `npx rk-skills` or invokes the `rk-skills` CLI.
Impact
Installed instructions and workflow code can influence later Claude Code sessions and GitHub automation actions.
Mechanism
Explicit user-command AI-agent extension installation via local recursive file copies.
Rationale
This is an explicit-user-command, first-party AI-agent extension setup that mutates a broad Claude Code control surface. It is not malicious by source evidence, but warrants a warning under the stated extension-lifecycle policy.
Evidence
package.jsonbin/install.mjsworkflows/milestone-pipeline.jsagents/create-release-runner.mdagents/sync-docs-runner.mdREADME.mdskills/*/SKILL.md~/.claude/skills~/.claude/agents~/.claude/workflows.claude/skills.claude/agents.claude/workflows

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/install.mjs` copies package-controlled skills, agents, and workflow JS into `~/.claude/` by default.
  • The installed `workflows/milestone-pipeline.js` can direct agent-driven GitHub issue/PR operations when invoked.
  • The CLI is exposed as `rk-skills`; there are no npm lifecycle hooks in `package.json`.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` script.
  • `bin/install.mjs` performs only local `mkdirSync`/`cpSync`; it has no network, shell, eval, or credential access.
  • Installation is activated by an explicit `npx rk-skills` command, not package installation.
  • Reviewed agent/skill files contain GitHub workflow instructions, not hidden payload delivery or secret harvesting.
Behavioral surface
Source
Filesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 22.5 KB of source

Source & flagged code

3 flagged · loading source
bin/install.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/install.mjs` copies package-controlled skills, agents, and workflow JS into `~/.claude/` by default.

bin/install.mjsView on unpkg
workflows/milestone-pipeline.jsView file
Published source reference
Medium
Ai Review Evidence

The installed `workflows/milestone-pipeline.js` can direct agent-driven GitHub issue/PR operations when invoked.

workflows/milestone-pipeline.jsView on unpkg
package.jsonView file
Published source reference
Medium
Suspicious Lifecycle Evidence

The CLI is exposed as `rk-skills`; there are no npm lifecycle hooks in `package.json`.

package.jsonView on unpkg

Findings

3 Medium2 Low
MediumAi Review Evidencebin/install.mjs
MediumAi Review Evidenceworkflows/milestone-pipeline.js
MediumSuspicious Lifecycle Evidencepackage.json
LowFilesystem
LowHigh Entropy Strings