AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall mutates the consuming project's AI-agent control surfaces without an explicit user command. It stages a launcher and synchronizes bundled agent configuration into project directories.
Decision evidence
public snapshot- package.json defines postinstall: node ./bin/construct-postinstall.mjs.
- bin/construct-postinstall.mjs runs automatically for consumer project installs and calls stageProjectAdapters.
- lib/install/stage-project.mjs copies launchers into <project>/.construct and invokes scripts/sync-specialists.mjs --project.
- scripts/sync-specialists.mjs documents and writes project AI-agent surfaces including .claude, .codex, .github, and .mcp.json.
- postinstall also appends Construct patterns to the consumer .gitignore and records an install manifest.
- Global installs exit after printing opt-in guidance; home-directory agent setup is not performed by postinstall.
- CONSTRUCT_SKIP_POSTINSTALL=1 disables the hook, but it is not the default.
- No credential exfiltration was confirmed in lib/mcp/tools/memory.mjs; its memory functions are local storage/session operations.
- Network hint for platforms/opencode/sync-config.mjs is an explicit model-sync command, not invoked by postinstall.
Source & flagged code
22 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
lib/hooks/scan-secrets.mjsView on unpkg · L47RSA private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L47OpenSSH private key in lib/hooks/scan-secrets.mjs
lib/hooks/scan-secrets.mjsView on unpkg · L51Package source references child process execution.
platforms/opencode/sync-config.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
lib/deck-export-pptx.mjsView on unpkg · L1345Source file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/deck-export-pptx.mjsView on unpkgPackage source references dynamic require/import behavior.
lib/deck-export-pptx.mjsView on unpkg · L20Package source references weak cryptographic algorithms.
lib/document-assets.mjsView on unpkg · L21Source writes installer persistence such as shell profile or service configuration.
lib/embed/supervision.mjsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/runtime/whisper-bootstrap.mjsView on unpkg · L23Source appears to send environment or credential material to an external endpoint.
lib/mcp/tools/memory.mjsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
lib/libreoffice-export.mjsView on unpkg · L10Package ships non-JavaScript build or shell helper files.
lib/document-extract/docling-sidecar.pyView on unpkgPackage ships high-entropy non-source blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships compressed or archive-like blobs.
templates/distribution/construct-reference.docxView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
templates/distribution/construct-reference.docxView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/doctor/watchers/mcp-protocol.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/init-unified.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/mcp/memory-bridge.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/mcp/tools/telemetry.mjsView on unpkg