AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The main risk is explicit user-command installation of package-owned Claude Code skills, agents, and commands via symlinks, not install-time mutation.
Decision evidence
public snapshot- cli/commands/install.mjs exposes explicit user-run install that delegates to install.sh
- install.sh creates symlinks under $CLAUDE_HOME/{skills,agents,commands} from package-owned skills/agents/commands
- cli/lib/mcp-server.mjs spawns the package CLI for MCP tool calls with inherited env
- package.json has no preinstall/install/postinstall lifecycle scripts
- cli/bin/design-ai.mjs only dispatches user-selected commands at runtime
- install.sh skips non-symlink existing targets and only removes symlinks pointing into this package
- cli/lib/mcp-server.mjs validates MCP tool names/arguments and maps to fixed CLI subcommands
- No credential harvesting or exfiltration endpoints found in inspected CLI/install files
Source & flagged code
2 flagged · loading sourcePackage ships non-JavaScript build or shell helper files.
tools/migrations/add-version-frontmatter.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/lib/mcp-server.mjsView on unpkg