AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an explicit Wizz Method agent/skill installer with guarded project-local IDE skill setup and opt-in MCP/CLI dependency configuration.
Decision evidence
public snapshot- package.json prepare is husky-only and exits cleanly if husky is absent; no install/postinstall hook runs package installer code.
- tools/installer/wizz-cli.js is the bin/main entry and only runs on explicit CLI invocation; npm view version check is best-effort.
- tools/installer/ui.js makes MCP writes explicit via interactive selection or --mcps; --yes recommends MCPs without writing .mcp.json.
- tools/installer/ui.js makes CLI installs explicit via interactive selection or --clis; --yes recommends without running installs.
- tools/installer/ide/_config-driven.js writes selected Wizz skills into project-local IDE skill dirs from platform-codes.yaml, not user-home defaults.
- build/site/pagefind/wasm.unknown.pagefind is gzip data for Pagefind wasm, a docs search asset.
- No credential/env harvesting or exfiltration found in inspected installer and entrypoint code.
- No lifecycle-triggered mutation of Claude/Codex/Cursor/MCP or other broad AI-agent surfaces found.
- MCP env values in skills-registry.yaml are placeholders like ${MAGIC_API_KEY}, not collected secrets.
- No eval/vm/Function or native addon loading found in inspected hot files.
- Network-capable actions are package-aligned version checks, optional GitHub/module resolution, or explicit user-selected dependency installs.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
tools/bundle-web-bundles.jsView on unpkg · L15Package source references dynamic require/import behavior.
tools/bundle-web-bundles.jsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/skills-lib/huashu-design/scripts/tts-doubao.mjsView on unpkg · L14Package source invokes a package manager install command at runtime.
tools/installer/yaml-format.jsView on unpkg · L145Package ships non-JavaScript build or shell helper files.
tools/validate-svg-changes.shView on unpkgPackage ships high-entropy non-source blobs.
build/site/pagefind/wasm.unknown.pagefindView on unpkgPackage ships compressed or archive-like blobs.
build/site/pagefind/wasm.unknown.pagefindView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
src/bmm-skills/3-solutioning/wizz-architecture/scripts/tests/test_lint_spine.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
tools/installer/core/installer.jsView on unpkgHardcoded password in src/skills-lib/graphify/SKILL.md
src/skills-lib/graphify/SKILL.mdView on unpkg · L527