AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `flopod new <name>` command scaffolds a project and installs first-party Claude skill files. The package also exposes an opt-in Claude-powered authoring agent able to edit and execute within the selected project.
Decision evidence
public snapshot- `dist/commands/new.js` writes bundled files under a new project's `.claude/skills/`.
- `dist/chat-agent.js` invokes the Claude Agent SDK with authoring capabilities that can edit and run commands.
- `dist/commands/new.js` runs `npm install` after an explicit `flopod new` command.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `dist/index.js` dispatches behavior only after an explicit CLI subcommand.
- `.claude/skills` writes are limited to the user-named scaffold directory, not a home/global agent configuration.
- No source evidence of credential exfiltration, stealth persistence, remote payload loading, or destructive behavior.
Source & flagged code
6 flagged · loading sourceSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/providers/fly.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/new.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/commands/new.jsView on unpkg · L44