AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party AI-agent skill setup. Global npm install silently links packaged zmyt skills into ~/.agents/skills, but inspected skill content is package-aligned CRM CLI guidance rather than exfiltration or hijack logic.
Static reason
One or more suspicious static signals were detected.
Trigger
global npm install postinstall; explicit zmyt setup-skills command
Impact
ZMYT CRM skill becomes available to local AI agents; existing zmyt-* skill target may be overwritten
Mechanism
symlink packaged AI-agent skill directories into agent skill paths
Rationale
This is not confirmed malware, but the install-time mutation of an AI-agent skill directory creates lifecycle risk even though the installed skill is first-party and package-aligned. Treat as warn rather than publish block under the install control-surface policy.
Evidence
package.jsonscripts/postinstall.mjsbin/zmyt.mjsdist/index.jsskills/zmyt-crm/SKILL.mdREADME.md~/.agents/skills/zmyt-*~/.claude/skills/zmyt-*~/.cursor/skills/zmyt-*~/.hermes/skills/zmyt-*~/.zmyt/config.json~/.zmyt/access_token
Network endpoints2
trade.zhimaoyuntu.com/admin-api127.0.0.1:<port>/callback
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs global install creates symlinks from packaged skills/zmyt-* into ~/.agents/skills
- scripts/postinstall.mjs may remove an existing ~/.agents/skills/zmyt-* target before replacing it
- dist/index.js includes explicit setup-skills command for ~/.agents, ~/.claude, ~/.cursor, ~/.hermes skill dirs
Evidence against
- Packaged skill content is ZMYT CRM command guidance, not prompt hijack or reviewer manipulation
- CLI network endpoints are aligned to ZMYT SaaS: https://trade.zhimaoyuntu.com/admin-api and localhost OAuth callback
- No child_process, eval/vm/Function, native binary loading, or remote payload execution found
- Token storage and API use are user-invoked auth flows under ~/.zmyt
Behavioral surface
EnvironmentVarsFilesystem
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings