AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface by static inspection. The package is an AI-agent methodology installer with user-invoked project-local skill, MCP, and optional CLI setup, which creates agent control-surface artifacts only as the package's documented function.
Decision evidence
public snapshot- package.json exposes a user-invoked wizz CLI and a prepare hook that only runs husky if present
- tools/installer/core/installer.js can install package skills into project IDE dirs and optionally merge selected MCP entries into project .mcp.json
- tools/installer/modules/cli-config.js can run registry-defined npm/curl install commands, but comments and command flow indicate caller-selected CLI install
- No npm install/import-time execution of installer; prepare is limited to husky setup
- tools/installer/commands/install.js routes writes through explicit install command/options/prompts
- tools/installer/ide/platform-codes.yaml documents project-local target_dir and says global_target_dir is not used by code
- tools/installer/modules/mcp-config.js merges additively, does not overwrite existing MCP servers, and uses placeholder env values
- tools/installer/wizz-cli.js npm view update check is best-effort package-aligned network use
- Pagefind wasm blob and test fixture are shipped assets, not invoked by lifecycle or entrypoint
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
tools/bundle-web-bundles.jsView on unpkg · L15Package source references dynamic require/import behavior.
tools/bundle-web-bundles.jsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/skills-lib/huashu-design/scripts/tts-doubao.mjsView on unpkg · L14Package source invokes a package manager install command at runtime.
tools/installer/yaml-format.jsView on unpkg · L145Package ships non-JavaScript build or shell helper files.
tools/validate-svg-changes.shView on unpkgPackage ships high-entropy non-source blobs.
build/site/pagefind/wasm.unknown.pagefindView on unpkgPackage ships compressed or archive-like blobs.
build/site/pagefind/wasm.unknown.pagefindView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
tools/installer/core/installer.jsView on unpkgHardcoded password in src/skills-lib/graphify/SKILL.md
src/skills-lib/graphify/SKILL.mdView on unpkg · L527