registry  /  shopport  /  0.4.3

shopport@0.4.3

커머스 운영 자동화 CLI — Cafe24, Coupang, SmartStore, Shopify 통합 관리

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. On npm installation, the postinstall hook invokes `setup-skills`. The bundled CLI writes or symlinks Shopport skills into multiple AI-agent home-directory skill locations, including `~/.claude/skills` and `~/.codex/skills`, without a separate user command.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall
Impact
Adds package-controlled instructions/commands to foreign AI-agent control surfaces.
Mechanism
unconsented multi-agent skill-directory mutation
Policy narrative
Installing the package executes its CLI automatically. The CLI enumerates several AI-agent skill directories beneath the user home directory, creates them if needed, removes prior Shopport-prefixed entries, and symlinks or copies the package's bundled skill folders into each target. This changes foreign agent control surfaces during installation rather than through an explicit setup command.
Rationale
The concrete postinstall behavior mutates broad, foreign AI-agent skill directories. This meets the block boundary even though the inspected installer path showed no network exfiltration.
Evidence
package.jsondist/cli.jsdist/skills/README.mddist/skills/*~/.claude/skills~/.codex/skills

Decision evidence

public snapshot
AI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for policy block
  • `package.json` runs `dist/cli.js setup-skills` in `postinstall`.
  • `dist/cli.js` enumerates home-directory skill paths for Claude Code, Codex, Gemini CLI, OpenCode, and other agents.
  • The installer creates each target skills directory and symlinks/copies bundled skills there.
  • It removes prior package-namespaced skill entries from every enumerated target.
  • `dist/skills/README.md` confirms automatic registration during npm installation.
Evidence against
  • Observed installer targets only packaged `dist/skills/*` directories.
  • No network endpoint is used by the inspected setup-skills installation path.
  • No credential harvesting or exfiltration was established in the install path.
  • Uninstall removes only shopport-namespaced skill entries.
Behavioral surface
Source
ChildProcessEvalNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 2.06 MB of source, external domains: admin.shopify.com, apicenter.commerce.naver.com, cjdropshipping.com, console.apify.com, developer.wehago.com, developers.cafe24.com, developers.naver.com, github.com, mobile.domeggook.com, newpin.wconcept.co.kr, openapi.29cm.co.kr, partner.musinsa.com, partner.smartstore.naver.com, plto.com, react.dev, rocketsell-proxy.fly.dev, searchad.naver.com, sell.smartstore.naver.com, shopping-seller.toss.im, shopport.vercel.app, whatismyipaddress.com, wing.coupang.com, www.boxhero.io, www.cafe24.com, www.google.com, www.w3.org
Oversized source lightweight scan
dist/cli.js2.05 MB file, sampled 256 KB
ObfuscatedHighEntropyStringsMinified

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('child_process').execFileSync(process.execPath,['dist/cli.js','setup-skills'],{stdio:'pipe'})}catch(_){}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('child_process').execFileSync(process.execPath,['dist/cli.js','setup-skills'],{stdio:'pipe'})}catch(_){}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/dashboard-ui/assets/index-ChYTl53S.jsView file
467`+b.message)}var a=new Ee;a.add(n),a.isGeoSVGGraphicRoot=!0;var i=t.width,o=t.height,s=t.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,c=void 0,f=void 0,h=void 0;if(i!=null?... L468: `+i.message)}return Z1e(t,a),P(a,function(i){var o=i.name;Q1e(t,i),ebe(t,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),a... L469: `))}),e.join(`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/dashboard-ui/assets/index-ChYTl53S.jsView on unpkg · L467
dist/cli.jsView file
path = dist/cli.js kind = oversized_source_file sizeBytes = 2147597 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/cli.jsView on unpkg
path = dist/cli.js kind = oversized_cli_entrypoint sizeBytes = 2147597 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.jsView on unpkg

Findings

1 Critical3 High3 Medium6 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated
HighOversized Source Filedist/cli.js
MediumNetwork
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/dashboard-ui/assets/index-ChYTl53S.js
LowHigh Entropy Strings
LowUrl Strings
LowNo License