AI Security Review
scanned 4d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package performs install-time modification of a Claude agent skill directory. This is an unconsented AI-agent control-surface write even though the bundled skill content appears safety-oriented.
Decision evidence
public snapshot
- package.json defines postinstall: node postinstall.mjs
- postinstall.mjs imports dist/skillInstall.js and calls installSkillBestEffort during npm install
- dist/skillInstall.js copies bundled skill/tunnel-etiquette into ~/.claude/skills by default
- dist/skillInstall.js only opts out on CI or TUNNEL_SKIP_SKILL_INSTALL, so normal install mutates Claude skill state
- skill/tunnel-etiquette/SKILL.md contains agent-behavior instructions for tunnel_* tool use
- No credential harvesting or secret exfiltration found in inspected files
- cloudflared download/spawn behavior is runtime tunnel functionality, not install-time execution
- Network endpoints are package-aligned for Cloudflare tunnel operation
- Session messages are encrypted with tweetnacl secretbox and join links are single-use/expiring
Source & flagged code
4 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- dist/cloudflared/provision.js (L4): Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- dist/cloudflared/tunnelProcess.js: This package version adds a dangerous source file absent from the previous stored version.