npm

cami-design @0.2.5

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-4504

Ecosystem

npm

Summary

On install, scripts/install.js invokes autoUpdate.install(), which (in scripts/auto-update.js) writes a launchd agent to ~/Library/LaunchAgents/co.themobilefirst.cami-design.update.plist that runs npm install -g cami-design@latest --silent every 24 hours, and loads it immediately via launchctl load. The persisted agent fetches whatever version of the package is published as @latest at any future moment, with global install scope and no integrity verification. This establishes a long-lived remote code execution channel: any subsequent malicious publish (including one made from a compromised npm account) will be silently auto-installed system-wide on every machine that ever installed this version. The persistence is opt-out only (an environment variable disables it), with no prompt at install time. A separate postinstall behavior symlinks bundled directories into ~/.claude/skills/ with .bak backups; this is the package's advertised function and not the basis for the block, but it too silently mutates a user-owned config directory.

Source: amazon-inspector (57ccc787b2437085a18ed05c52fc473d8c28162cbe3cbbaa04adaefa73389da1)
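The persistence mechanism described above is a plain launchd LaunchAgent, so it can be hunted for on any affected Mac by parsing ~/Library/LaunchAgents. The following is an added example written for this page, not code from the package or from the OSV/amazon-inspector report: it parses each .plist with the standard-library plistlib, flattens Program/ProgramArguments into a command line, and flags any agent that runs a global package-manager install, calling out unpinned @latest targets, the StartInterval and RunAtLoad. The sample plist is constructed from the advisory's description; the exact key layout the package writes (ProgramArguments vs. a shell wrapper, the npm path, RunAtLoad) is an assumption, which is why the detector matches on the command tokens rather than on the label.

```python
from __future__ import annotations

import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Constructed sample modelled on the advisory: an agent that re-runs
# `npm install -g cami-design@latest --silent` every 24 h (86400 s).
# The plist layout (ProgramArguments, npm path, RunAtLoad) is assumed.
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>co.themobilefirst.cami-design.update</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/bin/npm</string>
    <string>install</string>
    <string>-g</string>
    <string>cami-design@latest</string>
    <string>--silent</string>
  </array>
  <key>StartInterval</key><integer>86400</integer>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

# Constructed benign agent (an hourly rsync) that must not be flagged.
BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/rsync</string><string>-a</string>
    <string>/Users/me/Documents</string><string>/Volumes/Backup/</string>
  </array>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
"""

PKG_MANAGERS = {"npm", "npx", "yarn", "pnpm"}


def flatten_command(agent: dict) -> str:
    """Join Program and ProgramArguments into one command string."""
    parts = []
    if "Program" in agent:
        parts.append(str(agent["Program"]))
    parts.extend(str(a) for a in agent.get("ProgramArguments", []))
    return " ".join(parts)


def analyze_agent(data: bytes) -> dict | None:
    """Return a finding dict for a self-updating package install agent, else None."""
    agent = plistlib.loads(data)
    if not isinstance(agent, dict):
        return None
    cmd = flatten_command(agent)
    tokens = cmd.split()
    reasons: list[str] = []
    # Match on the basename so /usr/local/bin/npm and a bare `npm` both count.
    runs_pm = any(Path(t).name in PKG_MANAGERS for t in tokens)
    if runs_pm and "install" in tokens and ("-g" in tokens or "--global" in tokens):
        reasons.append("runs a global package-manager install from a LaunchAgent")
        unpinned = [t for t in tokens if t.endswith("@latest")]
        if unpinned:
            reasons.append("installs unpinned tag(s): " + ", ".join(unpinned))
    if not reasons:
        return None
    if agent.get("StartInterval"):
        reasons.append(f"re-runs every {agent['StartInterval']} s (StartInterval)")
    if agent.get("RunAtLoad"):
        reasons.append("RunAtLoad is set, so it also fires at login/load")
    return {"label": agent.get("Label", "<no label>"), "command": cmd, "reasons": reasons}


def scan_launch_agents(directory: Path) -> list[dict]:
    """Scan every *.plist in directory; unparseable files are reported, not fatal."""
    findings = []
    for path in sorted(directory.glob("*.plist")):
        try:
            finding = analyze_agent(path.read_bytes())
        except (plistlib.InvalidFileException, ExpatError, ValueError):
            print(f"[skip] {path}: not a parseable plist")
            continue
        if finding:
            finding["path"] = str(path)
            findings.append(finding)
    return findings


def demo() -> list[dict]:
    """Write the constructed samples to a scratch directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "co.themobilefirst.cami-design.update.plist").write_bytes(SAMPLE_AGENT)
        (root / "com.example.backup.plist").write_bytes(BENIGN_AGENT)
        (root / "broken.plist").write_bytes(b"not a plist")
        return scan_launch_agents(root)


if __name__ == "__main__":
    # Real use: scan_launch_agents(Path.home() / "Library" / "LaunchAgents")
    for f in demo():
        print(f"[flag] {f['path']} ({f['label']}): {f['command']}")
        for r in f["reasons"]:
            print("       -", r)
```

On a real host point scan_launch_agents at ~/Library/LaunchAgents (and /Library/LaunchAgents and /Library/LaunchDaemons for installs run with elevated rights). Once confirmed, stop the agent with launchctl bootout gui/$(id -u) <plist> (or launchctl unload <plist>), delete the plist, run npm uninstall -g cami-design, and inspect ~/.claude/skills/ for the symlinks and .bak files the postinstall step leaves behind; the detector deliberately keys on "global install of an @latest tag from a persistence mechanism" rather than on this package's label, because the same pattern would flag any future package using the trick.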
