AI Security Review
scanned 16h ago · by lpm-firewall-ai
The package is an MCP payment middleware with an install-time affiliate ID generator. The lifecycle write is package-owned affiliate tracking in the user's home directory, but no confirmed malware, exfiltration, persistence, or AI-agent control hijack was found.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; runtime activates when importing wrapMCPServer or invoking the CLI.
Impact
Adds affiliate metadata to package payment flows and can create/verify Stripe payments when configured by the caller.
Mechanism
Affiliate ID creation plus payment middleware for x402/Stripe.
Rationale
Static inspection shows a lifecycle home-directory write for package-owned affiliate tracking, which is questionable but not a foreign agent control-surface mutation or malware. The network and secret-handling code is aligned with declared payment middleware behavior and requires user-supplied Stripe configuration.
Evidence
- package.json
- scripts/postinstall.js
- index.js
- ~/.gadgethumans/affiliate_id
Network endpoints: 3
- swarm.gadgethumans.com/api/x402/
- swarm.gadgethumans.com/x402/
- stripe.com/docs/api
Decision evidence
public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node scripts/postinstall.js.
- scripts/postinstall.js writes ~/.gadgethumans/affiliate_id during install and reads existing value.
- index.js reads ~/.gadgethumans/affiliate_id and includes it in payment metadata/402 responses.
- index.js creates/retrieves Stripe PaymentIntents when caller supplies a Stripe secret key.
- Package embeds payment router/docs URL https://swarm.gadgethumans.com/api/x402/.
Evidence against
- No code found writing Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces.
- No child_process, eval/vm/Function, native binary, or remote code execution paths observed in inspected files.
- Network use is payment-domain aligned: Stripe SDK operations and x402 router metadata.
- Lifecycle hook only creates a package-owned affiliate identifier under ~/.gadgethumans, not persistence or credential harvesting.
- Payment wrapping is runtime/user-invoked through exported middleware and CLI, not automatic import-time exfiltration.
Behavioral surface
Crypto · Filesystem · Network
HighEntropyStrings · UrlStrings
Source & flagged code
2 flagged
package.json
- scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 2 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
- Low: Url Strings