AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit install command deploys a first-party Claude Code skill library and optional SessionStart hook. The hook changes local skill activation settings and adds workflow instructions at session boundaries; no exfiltration or remote execution is established.
Decision evidence
public snapshot- `install.mjs` is an explicit CLI installer that copies package skills and a SessionStart hook into a selected Claude config directory.
- `install.mjs` writes `.claude/settings.local.json` skillOverrides and installs `.claude/hooks/session-start.mjs`.
- `hooks/session-start.mjs` dynamically imports the package-owned resolver and rewrites the local skill baseline on every SessionStart.
- Installed hook injects persistent workflow-routing instructions into Claude session context.
- `package.json` has no preinstall, install, or postinstall lifecycle hook; only `prepublishOnly` runs before publishing.
- `bin/cli.mjs` dispatches only explicit `install` or `uninstall` commands using the local Node executable.
- No network client, endpoint, credential harvesting, shell execution, eval, or remote payload loader appears in executable source.
- The installer explicitly does not edit `.claude/settings.json`; it prints a hook-registration snippet for the user to merge.
- `uninstall.mjs` asks for confirmation by default and removes only package-named files plus its skillOverride entries.
Source & flagged code
2 flagged · loading sourcePackage source references dynamic require/import behavior.
hooks/session-start.mjsView on unpkg · L77Hardcoded password in skills/infrastructure-as-code/references/iac-patterns.md
skills/infrastructure-as-code/references/iac-patterns.mdView on unpkg · L146