#8075: fix(skills): add --ignore-scripts to all package managers
Labels: agents, stale
Cluster: Plugin Management Enhancements
## Summary
Adds `--ignore-scripts` flag to all package manager commands (npm, pnpm, yarn, bun) during skill installation to prevent supply chain attacks.
## The Problem
When installing skill dependencies, package managers execute lifecycle scripts (preinstall, install, postinstall) from the installed packages and all their transitive dependencies. This creates a critical remote code execution vulnerability because:
- Package names come from skill metadata, which can be defined in config files or workspace files
- Skills can be downloaded from untrusted sources
- Global package installation runs with user privileges
- No integrity verification or signature checking is performed
An attacker can create a malicious skill definition that references a compromised npm package, or perform a typosquatting/dependency confusion attack to inject malicious code during skill installation.
## Changes
- `src/agents/skills-install.ts`: Added `--ignore-scripts` flag to npm, pnpm, yarn, and bun commands
- `src/agents/skills-install.ignore-scripts.test.ts`: New tests verifying the flag is present for all package managers
## Test Plan
- [x] `pnpm build && pnpm check && pnpm test` passes
- [x] New tests verify `--ignore-scripts` is present for npm, pnpm, yarn, and bun
- [x] Tests verify CWE reference comments are present
## Related
- [CWE-506: Embedded Malicious Code](https://cwe.mitre.org/data/definitions/506.html)
- [CWE-494: Download of Code Without Integrity Check](https://cwe.mitre.org/data/definitions/494.html)
- Internal audit ref: VULN-211
---
*Built with [bitsec-ai](https://github.com/bitsec-ai). AI-assisted: Yes. Testing: fully tested (test written before fix). Code reviewed and understood.*
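The behaviour this PR describes, as an added example that is not the project's own code: a small argv builder for the four package managers, each carrying `--ignore-scripts`, together with a behavioural check of the kind the review below asks for instead of grepping the source file for the flag. The function and type names are assumptions, and the yarn form assumes Yarn classic's `global add`.

```typescript
type PackageManager = "npm" | "pnpm" | "yarn" | "bun";

const ALL_MANAGERS: PackageManager[] = ["npm", "pnpm", "yarn", "bun"];

// Build the global-install command for one manager (names assumed, not the
// project's). Every variant carries --ignore-scripts so the preinstall /
// install / postinstall hooks of the package and its transitive dependencies
// are never executed (the CWE-506 / CWE-494 case the PR addresses).
function buildGlobalInstallArgv(pm: PackageManager, packages: string[]): string[] {
  if (packages.length === 0) throw new Error("no packages to install");
  switch (pm) {
    case "npm":
      return ["npm", "install", "-g", "--ignore-scripts", ...packages];
    case "pnpm":
      return ["pnpm", "add", "-g", "--ignore-scripts", ...packages];
    case "yarn":
      return ["yarn", "global", "add", "--ignore-scripts", ...packages];
    case "bun":
      return ["bun", "add", "-g", "--ignore-scripts", ...packages];
    default: {
      const unreachable: never = pm;
      throw new Error(`unsupported package manager: ${unreachable}`);
    }
  }
}

// Behavioural check for a test: the flag must be present as its own token and
// must come before any "--" separator, after which it would be parsed as a
// package name rather than an option.
function ignoresScripts(argv: string[]): boolean {
  const flagIdx = argv.indexOf("--ignore-scripts");
  if (flagIdx === -1) return false;
  const endOfOptions = argv.indexOf("--");
  return endOfOptions === -1 || flagIdx < endOfOptions;
}

// Managers whose generated command would still run lifecycle scripts; an
// installer test should expect this list to be empty.
function managersMissingFlag(packages: string[]): PackageManager[] {
  return ALL_MANAGERS.filter((pm) => !ignoresScripts(buildGlobalInstallArgv(pm, packages)));
}
```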
## Greptile Overview
### Greptile Summary
This PR adds `--ignore-scripts` to global Node package installs when installing skills (npm/pnpm/yarn/bun) to prevent untrusted dependency lifecycle scripts from running.
The change is localized to `src/agents/skills-install.ts` (command argv construction) with a new Vitest file intended to ensure the flag remains present across supported package managers.
### Confidence Score: 4/5
- This PR is generally safe to merge and improves security, with only minor test-quality concerns.
- The runtime change is small and straightforward (adding `--ignore-scripts` to argv). The main concern is that the new tests validate a source-code string rather than behavior, which can create brittle or misleading coverage but shouldn’t affect production behavior.
- src/agents/skills-install.ignore-scripts.test.ts