AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an AI pipeline CLI with user-invoked setup, project initialization, worker spawning, and provider integrations that match its stated purpose.
Decision evidence
public snapshot- dist/commands/setup.js runs user-invoked npm install -g for @agentclientprotocol/claude-agent-acp.
- dist/commands/projectInit.js and dist/commands/doctor.js can install .claude hook/settings files into initialized projects.
- dist/infra/spawn.js and dist/manager/worker-manager-impl.js spawn CLI/agent workers during pipeline operation.
- dist/providers/llm/localSubscription.js reads local Claude/Codex credential files to detect subscriptions.
- package.json has no install/postinstall/prepare hook; prepublishOnly is publish-time build only.
- dist/main.js only dispatches CLI commands; no import-time exfiltration or hidden execution beyond fetch polyfill.
- Project .claude hooks run sps card lifecycle commands and are installed by explicit project init/doctor --fix workflows.
- Network code is aligned with configured GitLab, Matrix, OpenAI/Codex auth, and local agentmemory features.
- project-template/.claude/hooks/stop.sh only marks cards complete and includes commented examples.
- No credential harvesting/exfiltration path found; local credential reads are for explicit provider availability/auth refresh.
Source & flagged code
10 flagged · loading sourcePackage source references child process execution.
dist/infra/spawn.jsView on unpkg · L10Package source invokes a package manager install command at runtime.
dist/commands/setup.jsView on unpkg · L205Source writes installer persistence such as shell profile or service configuration.
dist/commands/setup.jsView on unpkg · L20Package ships non-JavaScript build or shell helper files.
project-template/batch_scheduler.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
project-template/.claude/hooks/stop.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/manager/worker-manager-impl.jsView on unpkg