registry  /  @fugood/bricks-ctor  /  2.24.11

@fugood/bricks-ctor@2.24.11

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found, but the package contains first-party agent/MCP setup code that can modify local AI-agent config when explicitly invoked. Runtime network use is aligned with model, animation, and BRICKS media/deploy tooling.

Static reason
No blocking static signals were detected.
Trigger
Explicit execution of tools/postinstall.ts or user-invoked MCP/CLI tools, not npm install lifecycle.
Impact
Warn-level local agent configuration change and user-requested network/CLI operations; no unconsented install-time compromise identified.
Mechanism
first-party BRICKS agent extension setup and developer tooling
Rationale
Static inspection shows no install lifecycle hook, exfiltration, destructive action, or remote payload execution; the main risk is explicit first-party agent/MCP configuration and command-capable tooling. Per policy, this is warn-level agent extension lifecycle risk rather than malicious publish-block behavior.
Evidence
package.jsonindex.tstools/postinstall.tstools/_mcp-config.tstools/mcp-server.tstools/mcp-tools/compile.tstools/mcp-tools/media.tstools/mcp-tools/huggingface.tstools/mcp-tools/lottie.tstools/deploy.tstools/pull.tstools/push-config.tsctor/project/.mcp.json.bricks/skills.claude/skills.codex/skills.claude/settings.local.json.gitignore.codex/config.toml.bricks/build/release-config.json.bricks/build/push-config.json
Network endpoints5
huggingface.co/apilottiefiles.com/apiapi.bricks.toolsbank.bricks.toolscdn.bricks.tools

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • tools/postinstall.ts can write project .mcp.json, .codex/config.toml, .claude/settings.local.json, and skill symlinks when invoked in projects with AGENTS.md/CLAUDE.md.
  • tools/postinstall.ts sets Codex MCP server default_tools_approval_mode to approve for the bricks-ctor server.
  • tools/mcp-tools/compile.ts and media.ts expose MCP tools that run bun compile, electron preview, and bunx bricks commands on user request.
  • tools/mcp-tools/huggingface.ts and lottie.ts call external APIs and may use HF_TOKEN for Hugging Face requests.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hook and main index.ts only exports types/utilities.
  • Agent config mutation is guarded by project markers AGENTS.md or CLAUDE.md and is package-owned bricks-ctor setup, not broad foreign takeover.
  • MCP tools are local development helpers and require explicit tool invocation; no import-time execution in index.ts.
  • No credential harvesting, destructive payload, persistence, or remote code download/execute chain found in inspected source.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 26 file(s), 261 KB of source, external domains: control-beta.bricks.tools, control.bricks.tools, huggingface.co, lottiefiles.com

Source & flagged code

4 flagged · loading source
tools/postinstall.tsView file
Published source reference
Medium
Suspicious Lifecycle Evidence

tools/postinstall.ts can write project .mcp.json, .codex/config.toml, .claude/settings.local.json, and skill symlinks when invoked in projects with AGENTS.md/CLAUDE.md.

tools/postinstall.tsView on unpkg
Published source reference
Medium
Suspicious Lifecycle Evidence

tools/postinstall.ts sets Codex MCP server default_tools_approval_mode to approve for the bricks-ctor server.

tools/postinstall.tsView on unpkg
tools/mcp-tools/compile.tsView file
Published source reference
Medium
Ai Review Evidence

tools/mcp-tools/compile.ts and media.ts expose MCP tools that run bun compile, electron preview, and bunx bricks commands on user request.

tools/mcp-tools/compile.tsView on unpkg
tools/mcp-tools/huggingface.tsView file
Published source reference
Medium
Ai Review Evidence

tools/mcp-tools/huggingface.ts and lottie.ts call external APIs and may use HF_TOKEN for Hugging Face requests.

tools/mcp-tools/huggingface.tsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumSuspicious Lifecycle Evidencetools/postinstall.ts
MediumSuspicious Lifecycle Evidencetools/postinstall.ts
MediumAi Review Evidencetools/mcp-tools/compile.ts
MediumAi Review Evidencetools/mcp-tools/huggingface.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License