AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates global Claude and Codex agent control surfaces during npm postinstall. This is unconsented install-time AI-agent extension installation into foreign/broad user-level locations.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/postinstall.js.
- scripts/postinstall.js creates ~/.claude/commands and ~/.claude/skills entries from package SKILLS.
- scripts/postinstall.js also writes into ${CODEX_HOME:-~/.codex}/skills at install time.
- forceSymlink removes any existing link/file/dir at each target path before symlinking package content.
- SKILLS/uctx and SKILLS/ubus are agent command/skill instructions that affect Claude/Codex behavior.
- No credential harvesting or exfiltration found in postinstall script.
- Installed skill content appears ufoo-aligned, referencing ufoo context and bus workflows.
- Network endpoints found are runtime/user-invoked online features, not postinstall exfiltration.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/uagy.jsView on unpkg · L20Package source references weak cryptographic algorithms.
src/runtime/projects/projectId.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/coordination/bus/inject.jsView on unpkg · L1Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L62