AI Security Review
scanned 8d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package mutates AI-agent control surfaces during npm postinstall in a consumer project. It stages launchers and generated agent/hook/MCP configuration without an explicit command invocation by the user.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/construct-postinstall.mjs
- bin/construct-postinstall.mjs runs stageProjectAdapters for consumer installs unless CONSTRUCT_SKIP_POSTINSTALL=1
- lib/install/stage-project.mjs writes .construct launcher files and spawns scripts/sync-specialists.mjs --project
- scripts/sync-specialists.mjs project mode writes .claude/settings.json, .claude/agents, .codex, .github, .opencode, .vscode, and Cursor agent config
- scripts/sync-specialists.mjs installs Claude hooks that execute node "${CLAUDE_PROJECT_DIR:-.}/.construct/run.mjs" hook <name>
- Global install path only prints opt-in guidance and exits
- lib/hooks/scan-secrets.mjs is a defensive hook that reads a TOOL_INPUT_FILE_PATH and blocks detected secrets
- lib/mcp/tools/memory.mjs stores/searches local observations and sessions; Rovo network calls are user-invoked tool behavior
- MCP config builder emits env references for secrets rather than literal credential values
- OpenRouter/Ollama network in platforms/opencode/sync-config.mjs is user-invoked config sync, not install-time exfiltration
Source & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/hooks/scan-secrets.mjsView on unpkg · L47RSA private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L47OpenSSH private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L51Package source references child process execution.
platforms/opencode/sync-config.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
lib/deck-export-pptx.mjsView on unpkg · L1323Package source references dynamic require/import behavior.
lib/deck-export-pptx.mjsView on unpkg · L19Package source references weak cryptographic algorithms.
lib/roles/event-bus.mjsView on unpkg · L22Source writes installer persistence such as shell profile or service configuration.
lib/embed/supervision.mjsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/runtime/whisper-bootstrap.mjsView on unpkg · L22Source appears to send environment or credential material to an external endpoint.
lib/mcp/tools/memory.mjsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/libreoffice-export.mjsView on unpkg · L9Package ships non-JavaScript build or shell helper files.
lib/document-extract/docling-sidecar.pyView on unpkgPackage ships high-entropy non-source blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships compressed or archive-like blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
templates/distribution/construct-reference.docxView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
lib/export-validate.mjsView on unpkg