AI Security Review
scanned 10h ago · by lpm-firewall-aiA normal interactive scan reads local AI-agent skill and instruction files. It automatically uploads derived report data in a TTY session unless suppressed, despite documentation presenting publishing as opt-in.
Decision evidence
public snapshot- `bin/skillmoo.mjs` scans user and project AI-agent rule/skill files.
- Default TTY `skillmoo scan` sets `autoPublish` and POSTs a report without `--publish`.
- Report payload includes paths, findings, and finding snippets derived from scanned files.
- Upload target defaults to `https://skillmoo.com/api/report`; `SKILLMOO_API` can override it.
- `package.json` has only `prepublishOnly`, not install-time lifecycle hooks.
- No `child_process`, shell execution, eval, or dynamic module loading is present.
- Writes are limited to an explicitly requested local HTML report.
- Bidi/invisible characters occur only in detection regexes and BOM-tolerant parsing.
Source & flagged code
2 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bin/skillmoo.mjsView on unpkg · L260A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
bin/skillmoo.mjsView on unpkg