AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Package has a real agent/CLI extension lifecycle surface in its own ~/.webcmd namespace, but no confirmed malicious install-time hijack. Risk is from lifecycle-maintained user runtime files and user-invoked plugin execution.
Decision evidence
public snapshot- package.json runs postinstall and preuninstall lifecycle scripts
- scripts/postinstall.js writes shell completion files and ~/.webcmd/spotify.env on global install
- scripts/fetch-adapters.js lifecycle-maintains ~/.webcmd/clis and deletes stale package-owned overrides
- dist/src/main.js startup creates ~/.webcmd runtime shims and loads user adapters/plugins
- dist/src/plugin.js user-invoked plugin install can git clone, npm install, symlink, transpile, and later import plugins
- No lifecycle write to CLAUDE.md, .mcp.json, Codex/Cursor/Claude config, or other foreign AI-agent control surface found
- postinstall is guarded to CI skip and global npm install for completions/adapter sync
- Network in preuninstall targets localhost shutdown only
- Update check network is disabled by UPDATE_CHECKS_ENABLED=false
- Remote plugin cloning is CLI user-invoked, not install-time
- No credential harvesting or exfiltration logic found in inspected lifecycle/entry files
Source & flagged code
11 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/src/external.jsView on unpkg · L4Package source references a known benign dynamic code generation pattern.
dist/src/browser.test.jsView on unpkg · L294Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L256Package source references weak cryptographic algorithms.
clis/grok/image.jsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/src/cli.jsView on unpkg · L100This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/download/index.jsView on unpkgHardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28