registry  /  td-ai-tools  /  1.1.11

td-ai-tools@1.1.11

Install agent skills and packs into your project

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit installer for AI agent skills and agent packs. It mutates broad AI-agent control directories only when the user runs the CLI, with no npm lifecycle trigger or hidden exfiltration found.

Static reason
No blocking static signals were detected.
Trigger
User runs npx td-ai-tools install/update/delete or selects items interactively.
Impact
Installs package-owned prompts and scripts into project .claude and .agents directories for agent runtimes to discover.
Mechanism
copies/removes bundled skill and agent prompt files
Rationale
Not malicious: the risky behavior is explicit, package-aligned agent extension installation rather than unconsented npm lifecycle mutation. Because it writes to broad AI-agent control surfaces, treat as warning-level lifecycle risk instead of clean.
Evidence
package.jsonbin/cli.jslib/installer.jslib/fs-utils.jsskills/pr-solver/scripts/list_unresolved_threads.pyskills/everhour-basecamp-estimates/scripts/update_estimates.pyskills/a11y-audit/scripts/audit.jsskills/td-review/agents/td-theme-reviewer.md.claude/skills/<name>/.agents/skills/<name>/.claude/agents/<name>/.agents/agents/<name>/
Network endpoints4
api.github.com/graphqlapi.everhour.com3.basecampapi.comforge.laravel.com/api/v1

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/cli.js dispatches user commands to install/update/delete skills and agent packs.
  • lib/installer.js copies bundled content into .claude/skills, .agents/skills, .claude/agents, and .agents/agents.
  • skills/td-review bundles an agent prompt auto-registered on install.
  • Helper scripts can make user-invoked network calls to GitHub, Everhour, Basecamp, or target URLs.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • No import-time execution beyond CLI argument dispatch was found.
  • Filesystem mutation is gated behind explicit CLI commands, not npm installation.
  • Network-capable scripts are task-aligned skill utilities and require user invocation and inputs.
  • No credential harvesting or exfiltration endpoints beyond documented API use were found.
  • copyDir ignores __pycache__, node_modules, .DS_Store, and .git during installs.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 60.1 KB of source

Source & flagged code

3 flagged · loading source
skills/a11y-audit/scripts/audit.jsView file
3L4: const fs = require('node:fs'); L5: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

skills/a11y-audit/scripts/audit.jsView on unpkg · L3
agents/component-library-section-blocks/scripts/td-guard.shView file
path = agents/component-library-section-blocks/scripts/td-guard.sh kind = build_helper sizeBytes = 1273 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

agents/component-library-section-blocks/scripts/td-guard.shView on unpkg
skills/everhour-basecamp-estimates/tests/test_update_estimates.pyView file
path = skills/everhour-basecamp-estimates/tests/test_update_estimates.py kind = payload_in_excluded_dir sizeBytes = 10106 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

skills/everhour-basecamp-estimates/tests/test_update_estimates.pyView on unpkg

Findings

1 High4 Medium2 Low
HighPayload In Excluded Dirskills/everhour-basecamp-estimates/tests/test_update_estimates.py
MediumDynamic Requireskills/a11y-audit/scripts/audit.js
MediumEnvironment Vars
MediumShips Build Helperagents/component-library-section-blocks/scripts/td-guard.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem