AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. A downstream npm install automatically mutates the consumer project's AI-agent control surfaces. The hook stages a launcher and synchronizes Construct-managed adapters without an explicit setup command.
Decision evidence
public snapshot- `package.json` runs `bin/construct-postinstall.mjs` on install.
- `bin/construct-postinstall.mjs` automatically stages `.construct`, appends `.gitignore`, and writes an install receipt.
- `lib/install/stage-project.mjs` executes `scripts/sync-specialists.mjs --project` during postinstall.
- `scripts/sync-specialists.mjs` defines project writes to `.claude`, `.codex`, `.github`, and `.mcp.json` AI-agent integration surfaces.
- Global install exits before machine-scope setup; user-scope setup requires an explicit `construct install --footprint=user`.
- `lib/hooks/scan-secrets.mjs` detects and blocks local secret writes; no exfiltration is shown.
- Flagged OpenRouter and telemetry paths are runtime features, not invoked by the postinstall chain.
Source & flagged code
22 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/hooks/scan-secrets.mjsView on unpkg · L47RSA private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L47OpenSSH private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L51Package source references child process execution.
platforms/opencode/sync-config.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
lib/deck-export-pptx.mjsView on unpkg · L1345Package source references dynamic require/import behavior.
lib/deck-export-pptx.mjsView on unpkg · L20Package source references weak cryptographic algorithms.
lib/document-assets.mjsView on unpkg · L21Source writes installer persistence such as shell profile or service configuration.
lib/embed/supervision.mjsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/runtime/whisper-bootstrap.mjsView on unpkg · L23Source appears to send environment or credential material to an external endpoint.
lib/mcp/tools/memory.mjsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/libreoffice-export.mjsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
lib/document-extract/docling-sidecar.pyView on unpkgPackage ships high-entropy non-source blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships compressed or archive-like blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
templates/distribution/construct-reference.docxView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/mcp/memory-bridge.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/mcp/tools/telemetry.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/providers/secret-resolver.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/runtime/uv-bootstrap.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/distill.mjsView on unpkg