AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time or import-time execution was found. The unresolved risk is an included .claude settings file that grants broad agent permissions if used by a Claude workspace.
Static reason
No blocking static signals were detected.
Trigger
Opening or using the package directory as a Claude-controlled workspace
Impact
Could relax agent command/read permissions in that workspace; no automatic npm install mutation or exfiltration path was found.
Mechanism
package-shipped Claude permission configuration
Rationale
Source inspection did not confirm malware behavior, credential harvesting, or unconsented install-time mutation. Because a package-owned Claude settings file grants broad agent permissions, this should warn rather than publish-block.
Evidence
package.jsonbin/index.jssrc/index.tssrc/container.config.tssrc/ai-engine-connector/AiEngineApi.tssrc/credit-engine/queue/CreditStatementPublisher.ts.claude/settings.json
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- .claude/settings.json ships Claude permissions allowing npm publish/install, git push/add/commit, and reads under /Users/yhon/fsrc/**.
- Package includes a package-owned AI-agent control-surface file despite no runtime need for an API invoker library.
Evidence against
- package.json has only prepublishOnly build; no preinstall/install/postinstall hook.
- bin/index.js and src/index.ts only re-export modules.
- Source is mainly env-configured HTTP clients using @fiado/http-client and SQS publishers using @aws-sdk/client-sqs.
- No child_process, eval/vm, native binaries, shell scripts, or filesystem writes found in package source.
- Network targets are environment-variable service URLs or SQS queue URLs, aligned with package purpose.
Behavioral surface
CryptoEnvironmentVars
HighEntropyStrings
Source & flagged code
1 flagged · loading sourceclaude/settings.jsonView file
•Published source reference
Medium
Ai Review Evidence
.claude/settings.json ships Claude permissions allowing npm publish/install, git push/add/commit, and reads under /Users/yhon/fsrc/**.
claude/settings.jsonView on unpkgFindings
3 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidenceclaude/settings.json
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings