AI Security Review
scanned 2h ago · by lpm-firewall-aiRunning `skillmoo scan` in an interactive terminal automatically uploads a report unless suppressed. The report contains discovered AI-skill metadata and findings, not source contents.
Decision evidence
public snapshot- bin/skillmoo.mjs auto-publishes interactive scan results unless --no-share is used.
- bin/skillmoo.mjs POSTs scan data to ${SKILLMOO_API||https://skillmoo.com}/api/report.
- Published data includes discovered skill paths, names, findings, grades, and token metadata.
- The manifest describes the CLI as fully local, conflicting with default interactive upload behavior.
- package.json has only prepublishOnly; installation has no lifecycle hook.
- No child-process execution, dynamic code loading, credential harvesting, or persistence writes were found.
- The only writeFileSync call is an explicit --report/--html local HTML output.
- publishReport serializes analysis metadata, not scanned SKILL.md contents.
Source & flagged code
3 flagged · loading sourceSource writes persistence or remote-access backdoor material.
bin/skillmoo.mjsView on unpkg · L35Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bin/skillmoo.mjsView on unpkg · L258A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
bin/skillmoo.mjsView on unpkg · L35