AI Security Review
scanned 13d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Confirmed install-time mutation of the consuming project: the postinstall hook writes SDD skills/rules/config for AI-agent tools into the project without an explicit user command. This changes AI-agent control surfaces during dependency installation, even though no exfiltration endpoint was found.
Decision evidence
public snapshot- package.json runs postinstall: node dist/postinstall.js.
- dist/postinstall.js auto-runs setupProject with dryRun:false against consumer project root during install.
- dist/steps/setupProject.js writes editor agent skill/rule/config files under .cursor/.claude/.codex/.openclaw and .opsx.
- dist/core/packageJsonPatch.js can modify consumer package.json pnpm.onlyBuiltDependencies/scripts.
- dist/core/agentRemediateInvoke.js can later spawn cursor/claude/codex/openclaw with env inherited, but only from remediation flow.
- No credential harvesting or exfiltration endpoints found in package JS.
- Network-like URLs are documentation/template Confluence/Gitee/local URLs, not install-time exfiltration.
- Runtime npx opsx-workflow install is in ensureOpsxWorkflow, not default light postinstall.
- child_process calls are mostly user-invoked CLI workflow commands.
- Agent autorun remediation is gated by CLI workflow/env toggles, not import-time.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/core/agentRemediateInvoke.jsView on unpkgPackage source references child process execution.
dist/core/agentRemediateInvoke.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
dist/core/opsxDelivery.jsView on unpkg · L177