registry  /  waypoint-skills  /  1.4.0

waypoint-skills@1.4.0

Multi-platform agentic skills for AI assistants — wp framework, agents, rules, hooks

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `waypoint-skills install` or activates Impeccable live copy editing.
Impact
User-approved setup can modify agent control surfaces; live editing can grant a spawned local agent broad project-write capability.
Mechanism
Explicit AI-agent extension installation and local AI CLI orchestration.
Rationale
Source inspection found no concrete malware, credential theft, remote payload execution, or unconsented install-time AI-control-surface mutation. The package still warrants a warning because explicit workflows install agent extensions and can invoke local coding agents with broad bypass permissions.
Evidence
package.jsoncli/bin/postinstall.mjsscripts/install.shscripts/lib/common.shmanifest.jsonpackages/skills/impeccable/scripts/live-copy-edit-agent.mjspackages/skills/impeccable/scripts/live-server.mjspackages/skills/impeccable/scripts/context.mjs~/.cursor~/.claude~/.codex~/.gemini
Network endpoints2
impeccable.style/api/versionlocalhost:<port>

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall`, but it only chmods package scripts.
  • `scripts/install.sh` explicitly installs skills/agents/rules into AI-tool config directories.
  • `live-copy-edit-agent.mjs` invokes Codex with approval and sandbox bypass flags.
  • `context.mjs` performs a throttled version request to `https://impeccable.style/api/version`.
Evidence against
  • No install hook writes foreign AI-agent configuration; `postinstall.mjs` only chmods package files.
  • AI config writes require the explicit `install` command and use manifest-defined targets.
  • The live server binds to `127.0.0.1` and its requests are localhost/token scoped.
  • No credential harvesting or outbound payload/exfiltration path was confirmed.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 69 file(s), 1.66 MB of source, external domains: developers.openai.com, example.com, github.com, impeccable.style, www.w3.org

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = node cli/bin/postinstall.mjs || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node cli/bin/postinstall.mjs || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
cli/bin/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = waypoint-skills@1.3.0 matchedIdentity = npm:d2F5cG9pbnQtc2tpbGxz:1.3.0 similarity = 0.971 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

cli/bin/cli.jsView on unpkg
20import { readFileSync } from 'node:fs'; L21: import { spawnSync } from 'node:child_process'; L22: import { join, dirname } from 'node:path';
High
Child Process

Package source references child process execution.

cli/bin/cli.jsView on unpkg · L20
packages/skills/impeccable/scripts/live-copy-edit-agent.mjsView file
255encoding: 'utf-8', L256: shell: true, L257: timeout: 30_000,
High
Shell

Package source references shell execution.

packages/skills/impeccable/scripts/live-copy-edit-agent.mjsView on unpkg · L255
packages/skills/impeccable/scripts/hook-lib.mjsView file
1263if (!found) return null; L1264: const mod = await import(pathToFileURL(found)); L1265: detectorCache = {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

packages/skills/impeccable/scripts/hook-lib.mjsView on unpkg · L1263
packages/skills/impeccable/scripts/live/svelte-component.mjsView file
20export function [redacted](filePath) { L21: if (/^(0|false|no)$/i.test(process.env.IMPECCABLE_LIVE_SVELTE_COMPONENT || '')) return false; L22: return path.extname(filePath).toLowerCase() === '.svelte'; ... L24: L25: export function componentSessionDir(id, cwd = process.cwd()) { L26: return path.join(cwd, SVELTE_COMPONENT_ROOT, id); ... L255: export function readManifest(manifestPath) { L256: const data = JSON.parse(fs.readFileSync(manifestPath, 'utf-8')); L257: return {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

packages/skills/impeccable/scripts/live/svelte-component.mjsView on unpkg · L20
packages/skills/impeccable/scripts/live-server.mjsView file
15Cross-file remote execution chain: [redacted]-server.mjs spawns [redacted]-screenshot.umd.js; helper contains network access plus dynamic code execution. L15: L16: import http from 'node:http'; L17: import { randomUUID } from 'node:crypto'; L18: import { spawn, execFileSync } from 'node:child_process'; L19: import fs from 'node:fs'; ... L53: L54: const __dirname = path.dirname(fileURLToPath(import.meta.url)); L55: // PRODUCT.md / DESIGN.md live wherever context.mjs resolves. The generated ... L111: const POLL_LEASE_EXPIRY_TIMER_GRACE_MS = 2; L112: const DEBUG_MANUAL_EDIT_EVENTS = /^(1|true|yes)$/i.test(process.env.IMPECCABLE_LIVE_DEBUG_EVENTS || ''); L113: ... L299: function broadcast(msg) {
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

packages/skills/impeccable/scripts/live-server.mjsView on unpkg · L15
scripts/migrations/1.2.0-to-1.3.0.shView file
path = scripts/migrations/1.2.0-to-1.3.0.sh kind = build_helper sizeBytes = 1309 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/migrations/1.2.0-to-1.3.0.shView on unpkg

Findings

1 Critical4 High6 Medium5 Low
CriticalPrevious Version Dangerous Deltacli/bin/cli.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processcli/bin/cli.js
HighShellpackages/skills/impeccable/scripts/live-copy-edit-agent.mjs
HighCross File Remote Execution Contextpackages/skills/impeccable/scripts/live-server.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirepackages/skills/impeccable/scripts/hook-lib.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/migrations/1.2.0-to-1.3.0.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptopackages/skills/impeccable/scripts/live/svelte-component.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings