AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit installer for AI agent skills and agent packs. It mutates broad AI-agent control directories only when the user runs the CLI, with no npm lifecycle trigger or hidden exfiltration found.
Decision evidence
public snapshot- bin/cli.js dispatches user commands to install/update/delete skills and agent packs.
- lib/installer.js copies bundled content into .claude/skills, .agents/skills, .claude/agents, and .agents/agents.
- skills/td-review bundles an agent prompt auto-registered on install.
- Helper scripts can make user-invoked network calls to GitHub, Everhour, Basecamp, or target URLs.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- No import-time execution beyond CLI argument dispatch was found.
- Filesystem mutation is gated behind explicit CLI commands, not npm installation.
- Network-capable scripts are task-aligned skill utilities and require user invocation and inputs.
- No credential harvesting or exfiltration endpoints beyond documented API use were found.
- copyDir ignores __pycache__, node_modules, .DS_Store, and .git during installs.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
skills/a11y-audit/scripts/audit.jsView on unpkg · L3Package ships non-JavaScript build or shell helper files.
agents/component-library-section-blocks/scripts/td-guard.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
skills/everhour-basecamp-estimates/tests/test_update_estimates.pyView on unpkg