AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package exposes explicit setup commands that configure AI assistant integrations and permission allowlists for Contextium. This is a lifecycle/control-surface risk but not a confirmed malicious chain because activation is user-invoked and package-aligned.
Decision evidence
public snapshot- dist/commands/setup-claude.js installs Claude Code permissions, /ium commands, and global hooks only when the user runs setup-claude.
- dist/lib/claude-permissions.js adds allow rules for Bash contextium * and mcp__contextium__*, and registers SessionStart/statusLine hooks under ~/.claude.
- dist/commands/setup-cursor.js writes Cursor MCP config and mcpAllowlist for Contextium tools under ~/.cursor or ./.cursor.
- dist/commands/setup-codex.js writes ~/.codex/config.toml, AGENTS.md, prompts, and has an opt-in --no-prompt path setting approval_policy = never.
- hooks/ium-check-update.js spawns npm view/npm list in a Claude hook to check Contextium package updates.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build.
- dist/index.js only registers commander CLI commands; setup behavior is explicit user-invoked.
- Network endpoints are package-aligned: api.contextium.io, auth.contextium.io, mcp.contextium.io, npm registry via npm view.
- Auth/token handling uses MSAL cache under ~/.contextium and Contextium API bearer headers, not broad credential harvesting.
- No evidence of eval/vm/Function, native binary loading, destructive behavior, stealth persistence, or unconsented install-time AI-agent mutation.
Source & flagged code
5 flagged · loading sourcedist/commands/setup-claude.js installs Claude Code permissions, /ium commands, and global hooks only when the user runs setup-claude.
dist/commands/setup-claude.jsView on unpkgdist/lib/claude-permissions.js adds allow rules for Bash contextium * and mcp__contextium__*, and registers SessionStart/statusLine hooks under ~/.claude.
dist/lib/claude-permissions.jsView on unpkgdist/commands/setup-cursor.js writes Cursor MCP config and mcpAllowlist for Contextium tools under ~/.cursor or ./.cursor.
dist/commands/setup-cursor.jsView on unpkgdist/commands/setup-codex.js writes ~/.codex/config.toml, AGENTS.md, prompts, and has an opt-in --no-prompt path setting approval_policy = never.
dist/commands/setup-codex.jsView on unpkghooks/ium-check-update.js spawns npm view/npm list in a Claude hook to check Contextium package updates.
hooks/ium-check-update.jsView on unpkg