registry  /  ultimate-design-skill  /  0.2.0

ultimate-design-skill@0.2.0

Self-contained OKF design workflow for AI agents: DESIGN.md contracts, taste and necessary-judgment checks, critique/repair, motion guidance, and rendered verification.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an explicit installer for an AI-agent skill. This is first-party package-owned agent extension setup, with no automatic lifecycle trigger or exfiltration found.

Static reason
No blocking static signals were detected.
Trigger
User runs the bin or npm install:* scripts with a target agent.
Impact
Adds or replaces ultimate-design skill files for Codex, Claude Code, or Pi Agent when invoked.
Mechanism
copy/symlink bundled skill into agent skill directories
Rationale
Source inspection shows explicit, package-aligned AI-agent skill installation and local validation helpers, not malicious behavior. Because it mutates agent skill directories when invoked, downgrade to a warning rather than mark fully clean.
Evidence
package.jsonscripts/install-agent-skill.mjsscripts/check-agent-integrations.mjsskill/ultimate-design/SKILL.mdskill/ultimate-design/scripts/validate_html_visual.mjsskill/ultimate-design/scripts/validate_motion_contract.mjsskill/ultimate-design/scripts/validate_design_contract.pyskill/ultimate-design~/.agents/skills/ultimate-design~/.codex/skills/ultimate-design~/.claude/skills/ultimate-design~/.pi/agent/skills/ultimate-design.agents/skills/ultimate-design.claude/skills/ultimate-design.pi/skills/ultimate-design
Network endpoints3
aa2246740.github.io/ultimate-design/git+https://github.com/aa2246740/ultimate-design.gitgithub.com/aa2246740/ultimate-design/issues

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • scripts/install-agent-skill.mjs explicitly copies or symlinks skill/ultimate-design into Codex, Claude Code, or Pi Agent skill directories.
  • scripts/install-agent-skill.mjs removes an existing destination by default before copy/symlink unless --no-force is passed.
  • package.json exposes installer as bin ultimate-design-install-skill and user-invoked install:* scripts.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • Installer is explicit user-command setup for this package's own skill, not automatic install-time mutation.
  • No credential harvesting or exfiltration found in reviewed source.
  • Network URLs are metadata/documentation links; no runtime fetch/HTTP client code found.
  • Validation scripts load local HTML with Playwright and write local reports/screenshots only.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 50.3 KB of source

Source & flagged code

2 flagged · loading source
skill/ultimate-design/scripts/validate_motion_contract.mjsView file
71try { L72: return await import(candidate); L73: } catch (error) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

skill/ultimate-design/scripts/validate_motion_contract.mjsView on unpkg · L71
skill/ultimate-design/scripts/validate_design_contract.pyView file
path = skill/ultimate-design/scripts/validate_design_contract.py kind = build_helper sizeBytes = 13973 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skill/ultimate-design/scripts/validate_design_contract.pyView on unpkg

Findings

4 Medium3 Low
MediumDynamic Requireskill/ultimate-design/scripts/validate_motion_contract.mjs
MediumEnvironment Vars
MediumShips Build Helperskill/ultimate-design/scripts/validate_design_contract.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings