AI Security Review
scanned 54m ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an MCP server plus optional Claude Code governance hook shim. Risk is first-party agent hook setup and local hook state/telemetry if a user deliberately installs the suggested hooks; no install-time or import-time attack behavior is confirmed.
Decision evidence
public snapshot
- src/prompts/governance-setup.ts emits Claude Code hook config for .claude/settings.json
- src/governance/cli.ts implements hook subcommands that can deny PreToolUse actions
- src/governance/grounding.ts reads ~/.claude/CLAUDE.md and writes ~/.everystack/governance/grounding state
- src/gates/telemetry.ts appends per-session telemetry metadata under ~/.everystack/governance
- src/tools/check-environment.ts uses execSync for local prerequisite version checks when the tool is invoked
- package.json has no preinstall/install/postinstall lifecycle scripts
- Hook installation is prompt-generated and explicitly says confirm-first, not silent install-time mutation
- No credential harvesting or exfiltration code found; telemetry records rule/path/severity only
- dist/aws-setup.md secret-like findings are placeholder IAM/AWS setup documentation, not embedded credentials
- eval in src/resources/index.ts is for __dirname/import.meta.url resolution, not remote code execution
- Network URLs are documentation/install hints; no runtime fetch or remote payload loading found
Source & flagged code
6 flagged
- Package contains a critical-looking secret pattern. (dist/aws-setup.md, line 216)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (dist/index.cjs, line 1229)
- Package source references a known benign dynamic code generation pattern. (dist/index.cjs, line 21553)
- AWS access key ID in src/resources/aws-setup.md (src/resources/aws-setup.md, line 216)