AI Security Review
scanned 13d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates the consuming project's AI-agent instruction surfaces without an explicit CLI invocation. It plants skills/rules/config and patches package metadata so later agent sessions and installs follow package-supplied commands.
Decision evidence
public snapshot- package.json runs postinstall: node dist/postinstall.js
- dist/postinstall.js resolves consumer project root and calls setupProject({yes:true,dryRun:false,light:true}) during install
- dist/steps/setupProject.js writes AI-agent control files under .cursor, .claude, .codex, and .openclaw skills plus .cursor/rules
- src/templates/artifacts/06-agent-skill.template.md instructs agents to auto-run npx sdd-flow-kit commands and follow workflow gates
- dist/core/packageJsonPatch.js modifies consumer package.json pnpm.onlyBuiltDependencies to allow sdd-flow-kit build scripts
- dist/core/agentRemediateInvoke.js can spawn cursor/claude/codex/openclaw with inherited env during remediation flows
- No credential harvesting or external exfiltration endpoint found in inspected JS
- Default postinstall light mode skips npx @lixin5257xxx/opsx-workflow setup unless full mode is enabled
- Network URLs found are documentation/template localhost or Confluence references, not exfil sinks
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/core/agentRemediateInvoke.jsView on unpkgPackage source references child process execution.
dist/core/agentRemediateInvoke.jsView on unpkg · L9Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/core/agentRemediateInvoke.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/core/opsxDelivery.jsView on unpkg · L177Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/steps/setupProject.jsView on unpkg