AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The CLI can install and refresh first-party Flopod Claude skill files in a project during explicit scaffolding or agent-authoring actions. It also invokes dependency installation only from the explicit `flopod new` command.
Decision evidence
public snapshot- `dist/commands/new.js` writes bundled skills to `.claude/skills/*` on explicit `flopod new`.
- `dist/chat-agent.js` refreshes `.claude/skills/*` before an authoring-agent run.
- `dist/bundled-skills.js` overwrites packaged agent-skill files in the selected project.
- `dist/commands/new.js` runs `npm install` only after explicit `flopod new`.
- `dist/chat-agent.js` dynamically loads the Claude Agent SDK for user-invoked authoring.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- Entrypoints dispatch CLI commands; import does not execute project mutation.
- No `eval`, `Function`, VM loading, hidden downloader, or package-install-time network action found.
- Fly and Git operations are explicit deploy/sync CLI paths rather than background behavior.
Source & flagged code
6 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/providers/fly.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/new.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/commands/new.jsView on unpkg · L44