AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package runs an unprompted postinstall synchronizer in the consuming project. It injects package-controlled AI-agent configurations and instructions into several supported agent control surfaces.
Decision evidence
public snapshot- `package.json` defines `postinstall: node bin/sync.mjs`.
- `bin/sync.mjs` selects consumer `INIT_CWD`/working directory.
- Postinstall creates agent-control symlinks under `.cursor`, `.claude`, `.codex`, `.opencode`, `.pi`, and `.mcp.json`.
- `bin/sync.mjs` modifies consumer `opencode.json` to load package instructions.
- Dropped MCP configs invoke `npx -y @geometra/mcp@1.61.3` and `state-trace-mcp`.
- Sync avoids overwriting existing real files or mismatched symlinks.
- No source evidence of credential harvesting, exfiltration, or destructive deletion.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references weak cryptographic algorithms.
lib/leadharness-crawler.mjsView on unpkg · L1Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/sync.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
batch/batch-runner.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
scripts/batch-orchestrator.mjsView on unpkg