AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package as a dependency mutates AI-agent instruction/control files in the consuming project. The mutation is automatic, environment-targeted, and defaults to multiple agent ecosystems.
Decision evidence
public snapshot- `package.json` runs `node postinstall.js` on installation.
- `postinstall.js` treats dependency installs as consumer installs and targets `INIT_CWD` or the consuming project root.
- `postinstall.js` writes/merges `AGENTS.md`, `CLAUDE.md`, and `.cursorrules` without consent.
- `postinstall/detect-agent.js` detects Codex, Claude, Cursor, and other agent environments; default target is `all`.
- `postinstall/agent-stubs.js` injects instructions pointing agents to package-controlled `templates/AGENT.md`.
- `templates/AGENT.md` provides extensive operational instructions for AI coding agents.
- The postinstall path shows no network request, credential exfiltration, or shell execution.
- The CLI's package installation and subprocess behavior is explicit user-invoked runtime functionality.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L1Install-time source drops package-supplied AI-agent/MCP control files or instructions.
postinstall.jsView on unpkg · L24Package ships non-JavaScript build or shell helper files.
templates/docs/survey-ui/verify-agent-build.shView on unpkg