AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found, but the package contains first-party agent/MCP setup code that can modify local AI-agent config when explicitly invoked. Runtime network use is aligned with model, animation, and BRICKS media/deploy tooling.
Decision evidence
public snapshot- tools/postinstall.ts can write project .mcp.json, .codex/config.toml, .claude/settings.local.json, and skill symlinks when invoked in projects with AGENTS.md/CLAUDE.md.
- tools/postinstall.ts sets Codex MCP server default_tools_approval_mode to approve for the bricks-ctor server.
- tools/mcp-tools/compile.ts and media.ts expose MCP tools that run bun compile, electron preview, and bunx bricks commands on user request.
- tools/mcp-tools/huggingface.ts and lottie.ts call external APIs and may use HF_TOKEN for Hugging Face requests.
- package.json has no preinstall/install/postinstall lifecycle hook and main index.ts only exports types/utilities.
- Agent config mutation is guarded by project markers AGENTS.md or CLAUDE.md and is package-owned bricks-ctor setup, not broad foreign takeover.
- MCP tools are local development helpers and require explicit tool invocation; no import-time execution in index.ts.
- No credential harvesting, destructive payload, persistence, or remote code download/execute chain found in inspected source.
Source & flagged code
4 flagged · loading sourcetools/postinstall.ts can write project .mcp.json, .codex/config.toml, .claude/settings.local.json, and skill symlinks when invoked in projects with AGENTS.md/CLAUDE.md.
tools/postinstall.tsView on unpkgtools/postinstall.ts sets Codex MCP server default_tools_approval_mode to approve for the bricks-ctor server.
tools/postinstall.tsView on unpkgtools/mcp-tools/compile.ts and media.ts expose MCP tools that run bun compile, electron preview, and bunx bricks commands on user request.
tools/mcp-tools/compile.tsView on unpkgtools/mcp-tools/huggingface.ts and lottie.ts call external APIs and may use HF_TOKEN for Hugging Face requests.
tools/mcp-tools/huggingface.tsView on unpkg