registry  /  solmate-skills  /  2.0.13

solmate-skills@2.0.13

AI agent harness and workflow skills for context-aware planning, implementation, verification, docs, and QA

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `solmate-skills install hooks` or installs the `rules-workflow` skill.
Impact
Project-local `.claude` behavior is extended; reviewed hooks only inspect local prompt, edit metadata, and git filenames for suggestions.
Mechanism
Explicit CLI-driven Claude hook and agent-adapter installation.
Rationale
No concrete malicious chain was established by source inspection. The explicit `.claude/settings.json` mutation warrants a warning under the agent-extension policy, not a publish block.
Evidence
package.jsonbin/cli.jshooks/install.shhooks/suggest-skills.shhooks/watch-files.shhooks/verify-suggest.shext-k-skill/packages/k-skill-proxy/src/server.js.agent/skills/hooks/.claude/agents/solmate-*.md.claude/hooks/solmate-suggest.sh.claude/hooks/solmate-watch.sh.claude/hooks/solmate-verify-suggest.sh.claude/settings.json.gitignore
Network endpoints2
apis.data.go.krswopenapi.seoul.go.kr

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/cli.js` explicitly runs `hooks/install.sh` for `install hooks`.
  • `hooks/install.sh` copies scripts into `.claude/hooks/` and merges commands into `.claude/settings.json`.
  • Installed hooks read Claude prompt/tool metadata and inspect `git diff`; they emit local suggestion JSON only.
  • Nested `ext-k-skill` utilities include user-invoked API clients and a local proxy using environment API keys.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle hook.
  • Root CLI performs filesystem writes only after explicit `solmate-skills install ...` commands.
  • No reviewed hook or CLI source sends prompts, files, environment secrets, or git data to a remote endpoint.
  • No eval/vm/Function, remote payload loader, credential harvesting, destructive deletion, or stealth persistence was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 32 file(s), 252 KB of source, external domains: apis.data.go.kr, m.map.kakao.com, place-api.map.kakao.com, place.map.kakao.com, swopenapi.seoul.go.kr, www.bluer.co.kr, www.daisomall.co.kr, www.dhlottery.co.kr, www.kleague.com, www.skdirect.co.kr

Source & flagged code

2 flagged · loading source
bin/harness-artifact.jsView file
1const fs = require('fs'); L2: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/harness-artifact.jsView on unpkg · L1
rules-react/scripts/fetch-stitch.shView file
path = rules-react/scripts/fetch-stitch.sh kind = build_helper sizeBytes = 1009 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

rules-react/scripts/fetch-stitch.shView on unpkg

Findings

5 Medium4 Low
MediumDynamic Requirebin/harness-artifact.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperrules-react/scripts/fetch-stitch.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings