Loading npm security reports…
CLI and client for uploads.sh — workspace-scoped image hosting for GitHub embeds
LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is present. An explicit `uploads install` command installs a named agent skill and registers this package's hosted MCP endpoint with Claude Code; normal successful CLI commands may also perform an opt-out update check.
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/update-check.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/update-check.jsView on unpkg