registry  /  shopport  /  0.5.1

shopport@0.5.1

커머스 운영 자동화 CLI — Cafe24, Coupang, SmartStore, Shopify 통합 관리

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Installing the npm package triggers an opaque CLI command that mutates multiple home-directory AI-agent skill surfaces. It installs bundled implicitly invokable skills without an explicit user command.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall
Impact
Unconsented modification of broad AI-agent control surfaces and new implicit agent capabilities.
Mechanism
automatic cross-agent skill installation via recursive copy/symlink
Policy narrative
During npm postinstall, the manifest launches the bundled obfuscated CLI with `setup-skills`. The inspected setup implementation enumerates several AI-tool skill directories under the user home directory, including `.cursor/skills`, and recursively symlinks or copies bundled `sppt-` skills there. Those skills include OpenAI agent descriptors allowing implicit invocation. This is an unconsented install-time mutation of foreign/broad agent control surfaces, so it meets the firewall block boundary despite documented uninstall support.
Rationale
Source inspection confirms a real postinstall chain that automatically installs agent skills across multiple host AI-tool directories. Documentation and prefix-scoped cleanup reduce ambiguity but do not provide install-time consent. Product guard normalized a concrete AI-agent control hijack publish_block to the blockable dangerous-capability shape.
Evidence
package.jsondist/cli.jsdist/skills/README.mddist/skills/sppt/SKILL.mddist/skills/shopport/agents/openai.yamldist/skills/sppt/agents/openai.yaml

Decision evidence

public snapshot
AI called this Malicious at 96.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for policy block
  • `package.json` postinstall silently runs `dist/cli.js setup-skills`.
  • `dist/cli.js` resolves the home directory and targets multiple AI-tool skill locations, including `.cursor/skills`.
  • `dist/cli.js` recursively copies/symlinks bundled skills into those locations and removes matching `sppt-` entries.
  • Bundled `agents/openai.yaml` files enable implicit invocation for installed skills.
Evidence against
  • `dist/skills/README.md` and `dist/skills/sppt/SKILL.md` document `setup-skills` and uninstall behavior.
  • Setup code limits cleanup to its `sppt-` prefix and sources content from bundled `dist/skills`.
  • No credential harvesting, remote payload download, or exfiltration was confirmed in the inspected setup path.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 2.06 MB of source, external domains: admin.shopify.com, apicenter.commerce.naver.com, cjdropshipping.com, console.apify.com, developer.wehago.com, developers.cafe24.com, developers.naver.com, github.com, mobile.domeggook.com, newpin.wconcept.co.kr, openapi.29cm.co.kr, partner.musinsa.com, partner.smartstore.naver.com, plto.com, react.dev, rocketsell-proxy.fly.dev, searchad.naver.com, sell.smartstore.naver.com, shopping-seller.toss.im, shopport.vercel.app, whatismyipaddress.com, wing.coupang.com, www.boxhero.io, www.cafe24.com, www.google.com, www.w3.org
Oversized source lightweight scan
dist/cli.js2.04 MB file, sampled 256 KB
NetworkEnvironmentVarsObfuscatedHighEntropyStringsMinified

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('child_process').execFileSync(process.execPath,['dist/cli.js','setup-skills'],{stdio:'pipe'})}catch(_){}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('child_process').execFileSync(process.execPath,['dist/cli.js','setup-skills'],{stdio:'pipe'})}catch(_){}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/dashboard-ui/assets/index-CSE-Rlo8.jsView file
467`+b.message)}var a=new Ee;a.add(n),a.isGeoSVGGraphicRoot=!0;var i=t.width,o=t.height,s=t.viewBoxRect,l=this._boundingRect;if(!l){var u=void 0,c=void 0,f=void 0,h=void 0;if(i!=null?... L468: `+i.message)}return Z1e(t,a),P(a,function(i){var o=i.name;Q1e(t,i),ebe(t,i);var s=this._specialAreas&&this._specialAreas[o];s&&i.transformTo(s.left,s.top,s.width,s.height)},this),a... L469: `))}),e.join(`
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/dashboard-ui/assets/index-CSE-Rlo8.jsView on unpkg · L467
dist/cli.jsView file
path = dist/cli.js kind = oversized_source_file sizeBytes = 2135479 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/cli.jsView on unpkg
path = dist/cli.js kind = oversized_cli_entrypoint sizeBytes = 2135479 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/cli.jsView on unpkg

Findings

1 Critical3 High4 Medium6 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated
HighOversized Source Filedist/cli.js
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/dashboard-ui/assets/index-CSE-Rlo8.js
LowHigh Entropy Strings
LowUrl Strings
LowNo License