AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package contains explicit BRICKS project tooling, including optional MCP setup and network-backed search/sync helpers, but no automatic install-time or import-time execution.
Static reason
No blocking static signals were detected.
Trigger
Importing index.ts or explicitly running package tools
Impact
Expected project file sync/configuration when tools are explicitly invoked; no unconsented package install mutation confirmed
Mechanism
Type/utility exports plus user-invoked BRICKS project tooling
Rationale
Static inspection found project-scoped BRICKS/MCP helper tooling but no lifecycle hook, import-time side effect, credential theft, destructive payload, or unconsented broad agent control-surface mutation. The risky primitives are aligned with explicit user-invoked project setup/sync behavior.
Evidence
package.jsonindex.tstools/postinstall.tstools/_mcp-config.tstools/mcp-server.tstools/mcp-tools/lottie.tstools/mcp-tools/huggingface.tstools/pull.tstools/deploy.tstools/push-config.tsctor/project.mcp.json.bricks/skills.claude/skills.codex/skills.claude/settings.local.json.gitignore.codex/config.toml.bricks/build/release-config.json.bricks/build/push-config.json
Network endpoints5
lottiefiles.com/apihuggingface.co/apicontrol.bricks.tools/applicationPreview.htmlcontrol-beta.bricks.tools/applicationPreview.htmllocalhost:3006/dev-applicationPreview.html
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks or bin entry; main is index.ts
- index.ts only re-exports package types and utility functions
- tools/postinstall.ts is not lifecycle-wired; when explicitly run it copies package files/skills and adds bricks-ctor MCP config entries
- MCP/network tools are user-invoked project utilities for LottieFiles, Hugging Face, preview, and BRICKS CLI workflows
- No credential harvesting or external exfiltration path found; HF_TOKEN is only used as optional Hugging Face API auth header
- Shell/git/file mutations are in explicit tools/pull.ts, deploy.ts, push-config.ts workflows, not import-time or install-time execution
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
2 Medium5 Low
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License