AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package is an MCP server/CLI that can explicitly configure first-party Contextium entries in Claude clients and call Contextium APIs with the user's token.
Decision evidence
public snapshot- dist/cli/setup.js setup command can update Claude Desktop and Claude Code MCP configs after user invocation/auth flow.
- dist/cli/config-manager.js writes Claude Desktop config, project .mcp.json, and ~/.claude/settings.json allow rule mcp__contextium__*.
- dist/api-client.js exposes authenticated create/update/delete operations against Contextium API and brokered connector_request capability.
- package.json has no install/preinstall/postinstall hook; only prepublishOnly build.
- dist/index.js only runs CLI commands or stdio MCP server when invoked via bin/main.
- Network calls are Contextium-aligned API/MCP endpoints or user-provided --api-url.
- No child_process, eval/vm/Function, native binary loading, credential harvesting, or unrelated exfiltration found.
- Credentials are saved locally under ~/.contextium/credentials.json with mode 0600.
Source & flagged code
3 flagged · loading sourcedist/cli/setup.js setup command can update Claude Desktop and Claude Code MCP configs after user invocation/auth flow.
dist/cli/setup.jsView on unpkgdist/cli/config-manager.js writes Claude Desktop config, project .mcp.json, and ~/.claude/settings.json allow rule mcp__contextium__*.
dist/cli/config-manager.jsView on unpkgdist/api-client.js exposes authenticated create/update/delete operations against Contextium API and brokered connector_request capability.
dist/api-client.jsView on unpkg