AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Confirmed unconsented npm postinstall mutation of broad AI-agent control surfaces in the installing project. The package stages Construct launchers and agent/MCP configuration for multiple editors without an explicit user command.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/construct-postinstall.mjs.
- bin/construct-postinstall.mjs runs stageProjectAdapters for consumer projects during npm install.
- lib/install/stage-project.mjs spawns scripts/sync-specialists.mjs --project in the consumer project.
- scripts/sync-specialists.mjs project mode writes broad AI-agent configs: .claude, .codex, .mcp.json, .vscode, .cursor, .github/Copilot adapters.
- Postinstall also writes .construct launchers/state/install-manifest and appends Construct ignore patterns to .gitignore.
- Global install exits with guidance instead of writing user-scope agent config.
- CONSTRUCT_SKIP_POSTINSTALL=1 disables the hook.
- lib/hooks/scan-secrets.mjs is a defensive local secret scanner, not credential harvesting.
- lib/mcp/tools/memory.mjs stores/searches local observations; Rovo search is user-invoked and credential-gated.
- Network endpoints found are package-aligned provider/model/telemetry APIs, not install-time exfiltration.
Source & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/hooks/scan-secrets.mjsView on unpkg · L47RSA private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L47OpenSSH private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L51Package source references child process execution.
platforms/opencode/sync-config.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
lib/deck-export-pptx.mjsView on unpkg · L1323Package source references dynamic require/import behavior.
lib/deck-export-pptx.mjsView on unpkg · L19Package source references weak cryptographic algorithms.
lib/roles/event-bus.mjsView on unpkg · L22Source writes installer persistence such as shell profile or service configuration.
lib/embed/supervision.mjsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/runtime/whisper-bootstrap.mjsView on unpkg · L23Source appears to send environment or credential material to an external endpoint.
lib/mcp/tools/memory.mjsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/libreoffice-export.mjsView on unpkg · L9Package ships non-JavaScript build or shell helper files.
lib/document-extract/docling-sidecar.pyView on unpkgPackage ships high-entropy non-source blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships compressed or archive-like blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
templates/distribution/construct-reference.docxView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/doctor/watchers/mcp-protocol.mjsView on unpkg