AI Security Review
scanned 3d ago · by lpm-firewall-ai
LPM blocks this version under the AI-agent control-surface policy. The package mutates Claude agent skill files during npm postinstall. This is an AI-agent control-surface write before the user explicitly runs setup.
Decision evidence
From the public snapshot:
- package.json runs postinstall: node dist/bin/install.js --commands-only
- dist/bin/install.js --commands-only calls copySlashCommands(packageRoot) during npm install
- dist/chunk-K6GZMAIA.js: copySlashCommands writes package markdown into ~/.claude/skills/*/SKILL.md
- dist/bin/install.js can refresh LaunchAgent/systemd daemon files after setup exists
- dist/chunk-BVV6NHKQ.js: the notification code sends only to user-configured Telegram/email endpoints
- dist/chunk-6DTSAEDS.js: api.askexe.com calls are setup/license/cloud flows, not automatic credential exfiltration
- Global Claude/Codex hook installation is mostly behind explicit --global/user commands
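The evidence above is a reachability argument: a lifecycle script in package.json leads, through relative imports, to a file that writes under ~/.claude. The following is an added example of that check written as a static audit over a package's shipped files; it is not lpm-firewall-ai's scanner code, and the lifecycle-hook list, the control-surface path patterns, and the sample package (file names, contents and the ~/.claude paths) are assumptions constructed here rather than the reviewed package's source.

```javascript
// Static audit of an npm package's shipped files for install-time writes to
// AI-agent control surfaces, the policy applied in the review above. Added
// example, not lpm-firewall-ai's scanner; hook list, path patterns and the
// sample package are assumptions constructed for illustration.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Locations that configure an AI coding agent (assumed list). Written from a
// lifecycle script, they hand the package control before any user setup.
const CONTROL_SURFACE_PATTERNS = [/\.claude\/(skills|commands|hooks|settings)/, /\.codex\//, /\.mcp\.json/];
const WRITE_CALL = /\b(writeFileSync?|copyFileSync?|appendFileSync?|outputFile)\s*\(/;

// "node <file> ..." targets named in a scripts entry, as package-relative paths.
function scriptEntrypoints(command) {
  return Array.from(command.matchAll(/\bnode\s+(\S+)/g), (m) => m[1]);
}

// Relative require()/import specifiers; bare specifiers are dependencies and are ignored.
function localImports(source) {
  return Array.from(source.matchAll(/(?:require\(\s*|from\s+|import\(\s*)["'](\.[^"']*)["']/g), (m) => m[1]);
}

// Resolve "./x" or "../x" against the importer's directory inside the tarball file map.
function resolveSpecifier(fromFile, spec, files) {
  const dir = fromFile.split("/").slice(0, -1);
  for (const part of spec.split("/")) {
    if (part === "..") dir.pop();
    else if (part !== ".") dir.push(part);
  }
  const base = dir.join("/");
  return [base, `${base}.js`, `${base}/index.js`].find((c) => c in files) ?? null;
}

// A file is suspect when it both calls a write API and names a control-surface
// path. Matching is file-level on purpose: the path is usually assembled on a
// different line from the write, so per-line matching would miss it.
function controlSurfaceWrites(source) {
  const lines = source.split("\n").map((l) => l.trim());
  const writes = lines.filter((l) => WRITE_CALL.test(l));
  const paths = lines.filter((l) => CONTROL_SURFACE_PATTERNS.some((p) => p.test(l)));
  return writes.length && paths.length ? { writes, paths } : null;
}

// Walk files reachable from each lifecycle script through relative imports.
// A control-surface write in a reachable file blocks; the same write in a
// file reached only from user-invoked commands is reported for review.
function auditPackage(pkg, files) {
  const findings = [];
  const scripts = pkg.scripts ?? {};
  const reachable = new Set();
  for (const hook of LIFECYCLE_HOOKS.filter((h) => h in scripts)) {
    findings.push({ rule: "lifecycle-script", severity: "review", file: "package.json", detail: `${hook}: ${scripts[hook]}` });
    const queue = scriptEntrypoints(scripts[hook]).filter((f) => f in files);
    while (queue.length) {
      const file = queue.shift();
      if (reachable.has(file)) continue;
      reachable.add(file);
      for (const spec of localImports(files[file])) {
        const target = resolveSpecifier(file, spec, files);
        if (target) queue.push(target);
      }
    }
  }
  for (const [file, source] of Object.entries(files)) {
    const hit = controlSurfaceWrites(source);
    if (!hit) continue;
    const installTime = reachable.has(file);
    findings.push({
      rule: "control-surface-write", file, severity: installTime ? "block" : "review",
      detail: installTime ? "reachable from an install-time lifecycle script" : "reachable only from user-invoked code",
      evidence: hit.writes.concat(hit.paths),
    });
  }
  return findings;
}

function decision(findings) {
  if (findings.some((f) => f.severity === "block")) return "block";
  return findings.length ? "review" : "allow";
}
// Constructed sample modelled on the evidence above; names and contents are
// stand-ins written for this example, not the reviewed package's source.
const SAMPLE_PKG = { name: "sample-agent-tool", version: "0.0.0",
  scripts: { build: "tsup", postinstall: "node dist/bin/install.js --commands-only" } };
const SAMPLE_FILES = {
  "dist/bin/install.js": `import { copySlashCommands } from "../chunk-commands.js";
if (process.argv.includes("--commands-only")) copySlashCommands(process.cwd());`,
  "dist/chunk-commands.js": `import fs from "node:fs";
export function copySlashCommands(root) {
  const dest = process.env.HOME + "/.claude/skills/sample/SKILL.md";
  fs.writeFileSync(dest, fs.readFileSync(root + "/skills/SKILL.md"));
}`,
  "dist/bin/cli.js": `import fs from "node:fs";
// runs only when the user types: sample-agent-tool hooks --global
if (process.argv[2] === "hooks" && process.argv.includes("--global")) {
  const hook = process.env.HOME + "/.claude/hooks/sample.json";
  fs.writeFileSync(hook, "{}");
}`,
};

console.log(decision(auditPackage(SAMPLE_PKG, SAMPLE_FILES)));
```

On the sample the postinstall entrypoint reaches chunk-commands.js, so its SKILL.md write is reported as blocking, while the hook write in cli.js is only reachable from an explicit user command and is reported for review, which is the distinction the evidence list draws. To run this against a real package, fetch the tarball with `npm pack <name>` and load its files into the map; `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) stops the lifecycle hook from running, but the same write still happens if the user later runs the package's own setup command. The regex walk cannot follow dynamic require/import or paths built from variables, which is exactly the kind of code the flagged-source list below separately calls out for manual review.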
Source & flagged code
15 flagged
- package.json: Package defines install-time lifecycle scripts.
- package.json: Install-time lifecycle script is not statically allowlisted and needs review.
- dist/chunk-75H4R62K.js, L1: Package source references child process execution.
- dist/bin/install.js, L89: Install-time source drops package-supplied AI-agent/MCP control files or instructions.
- dist/chunk-36SS3TE7.js, L419: Package source references dynamic require/import behavior.
- dist/chunk-36SS3TE7.js, L59: Source writes installer persistence such as shell profile or service configuration.
- dist/project-boot-3UP6ETJY.js, L8: A single source file combines environment access, network access, and code or shell execution; review context before blocking.
- dist/chunk-6DTSAEDS.js, L21: Source appears to send environment or credential material to an external endpoint.
- dist/chunk-BVV6NHKQ.js, L49: Source executes local commands and sends command output to an external endpoint.
- dist/chunk-BVV6NHKQ.js, L49: A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
- dist/bin/cli.js, L7: Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
- dist/bin/deferred-daemon-restart.js, L132: Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
- dist/bin/update.js, L149: Package source invokes a package manager install command at runtime.
- dist/bin/exe-start.sh: Package ships non-JavaScript build or shell helper files.