AI Security Review
scanned 3d ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package performs an install-time mutation of a Claude agent control surface. It automatically installs a bundled skill into the user's Claude skills directory without an explicit CLI action.
Decision evidence
public snapshot
- package.json defines install-time postinstall: node postinstall.mjs
- postinstall.mjs imports dist/skillInstall.js and calls installSkillBestEffort on npm install
- dist/skillInstall.js defaults target to os.homedir()/.claude/skills and cpSync copies bundled skill there
- skill/tunnel-etiquette/SKILL.md is an agent instruction surface with imperative rules for Claude tunnel sessions
- postinstall is best-effort, skips CI or TUNNEL_SKIP_SKILL_INSTALL, and does not overwrite existing skill by default
- Bundled skill content is safety-oriented, warning that peer messages are untrusted input
- Runtime tunnel behavior is package-aligned: MCP tools open/join/listen/say over Cloudflare tunnel with encrypted chat
- No credential harvesting, broad file collection, destructive behavior, or arbitrary eval found
Source & flagged code
4 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- dist/cloudflared/provision.js (L4): Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- dist/cloudflared/tunnelProcess.js: This package version adds a dangerous source file absent from the previous stored version.