AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. A global npm install silently modifies multiple foreign AI-agent control surfaces. Subsequent agent sessions execute package-owned code or inject package-owned instructions.
Decision evidence
public snapshot- `package.json` runs `scripts/install-agent-hooks.mjs` as `postinstall`.
- Global npm installation enables hook installation without an explicit opt-in variable.
- `scripts/install-agent-hooks.mjs` writes Claude, Codex, OpenCode, and Copilot user-level agent configuration.
- Installed hooks execute `hooks/session-start`; OpenCode loads `.opencode/plugin/use-cases.js`, which injects package bootstrap instructions into chats.
- No credential harvesting or network request code was found in inspected lifecycle and hook sources.
- `hooks/session-start` only reads the packaged bootstrap and emits JSON context.
- The flagged Python file is a plain pytest acceptance test, not a payload.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
packages/mcp/dist/index.jsView on unpkg · L11Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-agent-hooks.mjsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/python-pytest/tests/use_cases/example.checkout.apply_coupon_test.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
packages/core/dist/markers/cli/verify.jsView on unpkg