AI Security Review
scanned 3d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates a Claude agent skill directory during npm install. Even though the bundled skill is safety-oriented, it is an unconsented lifecycle write to an AI-agent control surface.
Decision evidence
public snapshot
- package.json defines postinstall: node postinstall.mjs.
- postinstall.mjs imports dist/skillInstall.js and calls installSkillBestEffort during npm install.
- dist/skillInstall.js copies bundled skill/tunnel-etiquette into os.homedir()/.claude/skills by default.
- skill/tunnel-etiquette/SKILL.md is an AI-agent behavior instruction surface for Claude tunnel sessions.
- postinstall is best-effort, skips CI and TUNNEL_SKIP_SKILL_INSTALL, and does not overwrite an existing skill unless explicitly forced via CLI.
- Bundled skill text is safety-oriented and tells agents to treat peer messages as untrusted input.
- No credential harvesting, destructive behavior, or install-time network exfiltration found.
- Runtime network/cloudflared behavior is package-aligned and user-invoked through MCP tunnel tools.
Source & flagged code
3 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- dist/cloudflared/provision.js: This package version adds a dangerous source file absent from the previous stored version.