AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates AI-agent control surfaces during npm postinstall in a consuming project. This is install-time, unconsented staging of agent adapters and settings, even if package-aligned.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/construct-postinstall.mjs
- bin/construct-postinstall.mjs runs on npm install and calls stageProjectAdapters for consumer projects
- lib/install/stage-project.mjs creates .construct files and spawns scripts/sync-specialists.mjs --project
- scripts/sync-specialists.mjs project mode writes AI-agent control files including .claude/settings.json, .claude/agents, .codex, .github, .vscode, Cursor/OpenCode config
- bin/construct-postinstall.mjs also appends Construct ignore patterns to the consumer .gitignore
- Global install path exits with guidance and does not write user-scope AI config
- CONSTRUCT_SKIP_POSTINSTALL=1 disables the lifecycle hook
- lib/hooks/scan-secrets.mjs contains detector regexes, not embedded secrets
- lib/mcp/tools/memory.mjs Rovo/Atlassian network code is user-invoked MCP search, not install-time exfiltration
- platforms/opencode/sync-config.mjs fetches OpenRouter model metadata only when explicitly run
Source & flagged code
17 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/hooks/scan-secrets.mjsView on unpkg · L47RSA private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L47OpenSSH private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L51Package source references child process execution.
platforms/opencode/sync-config.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
lib/deck-export-pptx.mjsView on unpkg · L1323Package source references dynamic require/import behavior.
lib/deck-export-pptx.mjsView on unpkg · L19Package source references weak cryptographic algorithms.
lib/roles/event-bus.mjsView on unpkg · L22Source writes installer persistence such as shell profile or service configuration.
lib/embed/supervision.mjsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/runtime/whisper-bootstrap.mjsView on unpkg · L22Source appears to send environment or credential material to an external endpoint.
lib/mcp/tools/memory.mjsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/libreoffice-export.mjsView on unpkg · L9Package ships non-JavaScript build or shell helper files.
lib/document-extract/docling-sidecar.pyView on unpkgPackage ships high-entropy non-source blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships compressed or archive-like blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
templates/distribution/construct-reference.docxView on unpkg