AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Starting the gateway copies package and user shared skill definitions into `~/.claude/skills/`. Authenticated runtime features can invoke the local Claude CLI and fetch an app registry for explicit app management.
Decision evidence
public snapshot- `dist/index.js` syncs bundled/shared skills into `~/.claude/skills/` on gateway startup.
- `dist/skills/sync.js` creates, overwrites, and removes marker-owned skill files under that Claude control surface.
- `dist/api/router.js` runs `claude --print --dangerously-skip-permissions` for wizard requests.
- `dist/apps/registry-client.js` fetches an app registry from GitHub; installer code can run container tooling.
- `package.json` postinstall runs `bun install --cwd mcp` when Bun is present.
- Postinstall only installs the package's own `mcp` dependencies; it does not modify Claude configuration.
- No source-backed secret harvesting followed by transmission was found.
- Observed Telegram/Discord requests implement configured bot verification and messaging.
- API mutations and the wizard subprocess route are authenticated in `dist/api/router.js`.
- No eval, encoded payload, stealth persistence, or arbitrary remote code-loading chain was confirmed.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
dist/discord/receiver.jsView on unpkg · L36Source executes local commands and sends command output to an external endpoint.
dist/api/router.jsView on unpkg · L42A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/api/router.jsView on unpkg · L42This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/api/router.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/api/router.jsView on unpkg · L81Package source invokes a package manager install command at runtime.
dist/api/packages.jsView on unpkg · L192