AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. At runtime, an authenticated MCP caller can cause the package to fetch a caller-supplied URL and forward its content to the A-Team backend. A build operation also automatically updates CLAUDE.md in the selected solution repository.
Decision evidence
public snapshot- src/tools.js:3013 fetches an unrestricted user-supplied file.url, then uploads its text to the platform.
- src/tools.js:2619 automatically invokes ateam_write_agent_doc during build_and_run.
- src/tools.js:3478 patches CLAUDE.md in the selected solution GitHub repository.
- src/tools.js:4011 requires explicit authentication before tenant-aware operations.
- package.json has no preinstall, install, postinstall, or other lifecycle hook.
- src/index.js only starts an MCP stdio server or explicit --http server.
- src/api.js sends configured API credentials as headers to the configured A-Team API client endpoint.
- No filesystem harvesting, shell execution, eval/vm use, binary loading, or stealth persistence was found in inspected source.
Source & flagged code
2 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
src/tools.jsView on unpkg · L51A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/tools.jsView on unpkg · L51