AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit CLI installer deploys remotely served skills into local AI-agent skill directories and registers a daily updater. The updater runs the latest package through `npx` and replaces files listed in the package-owned install manifest.
Decision evidence
public snapshot- `src/commands/install.js` explicitly installs skills after interactive membership and agent-selection prompts.
- `src/installer.js` writes API-supplied bundle content into `~/.claude/skills` or shared `~/.agents/skills`.
- `src/scheduler.js` creates a daily user `launchd` job or crontab entry invoking `npx sh-30-day-loop@latest update --silent`.
- `src/api.js` authenticates to the package API and downloads remote `/bundle` content during install and scheduled updates.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
- `bin/run.js` only imports commands after an explicit CLI invocation; package import/install alone does not run setup.
- `src/commands/install.js` discloses skill installation and automatic updates, and requires user interaction before writing files.
- No source evidence of credential harvesting, arbitrary shell payloads, destructive actions, or exfiltration beyond package API requests.
Source & flagged code
3 flagged · loading sourcePackage source invokes a package manager install command at runtime.
src/scheduler.jsView on unpkg · L3Source writes installer persistence such as shell profile or service configuration.
src/scheduler.jsView on unpkg · L3