AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup can configure Contextium as an MCP server and allow-list its Claude Code tools. This is package-aligned agent extension setup, not unconsented install-time hijack.
Decision evidence
public snapshot- dist/cli/setup.js user-invoked setup can auto-update Claude Desktop or project MCP config.
- dist/cli/config-manager.js writes ~/.claude/settings.json permission allow rule mcp__contextium__*.
- dist/cli/config-manager.js writes .mcp.json with npx -y @contextium/mcp-server@latest.
- dist/cli/config-manager.js writes Claude Desktop mcpServers contextium entries.
- package.json has no install/preinstall/postinstall hook; only prepublishOnly build.
- Network calls are aligned to Contextium API/MCP endpoints.
- No child_process, eval, native binary, or staged payload behavior found.
- Credentials are stored locally under ~/.contextium/credentials.json with 0600 mode.
- Agent config mutation occurs via explicit setup/logout commands, not install-time execution.
Source & flagged code
4 flagged · loading sourcedist/cli/setup.js user-invoked setup can auto-update Claude Desktop or project MCP config.
dist/cli/setup.jsView on unpkgdist/cli/config-manager.js writes ~/.claude/settings.json permission allow rule mcp__contextium__*.
dist/cli/config-manager.jsView on unpkgdist/cli/config-manager.js writes .mcp.json with npx -y @contextium/mcp-server@latest.
dist/cli/config-manager.jsView on unpkgdist/cli/config-manager.js writes Claude Desktop mcpServers contextium entries.
dist/cli/config-manager.jsView on unpkg