AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI actions can scaffold a project, install its declared dependencies, and add first-party Claude skills. User-initiated authoring sessions can invoke an external agent SDK with editing and Bash capabilities.
Decision evidence
public snapshot- `dist/bundled-skills.js` copies bundled files into `<projectDir>/.claude/skills/*`.
- `dist/commands/new.js` invokes that copy during explicit `flopod new` scaffolding.
- `dist/chat-agent.js` loads user/project Claude settings and gives author sessions Bash plus edit tools.
- `dist/commands/new.js` explicitly runs `npm install` in the newly created project.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No source-inspected code sends harvested environment variables or files to a package-controlled endpoint.
- The `.claude` mutation is limited to first-party bundled skills under the selected project directory.
- `dist/providers/fly.js` only prints Fly installation URLs; it does not execute those shell pipelines.
Source & flagged code
6 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/providers/fly.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/new.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/commands/new.jsView on unpkg · L43