AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall creates a persistent per-machine identifier. Runtime uses it to invisibly watermark MCP responses; source is deliberately obfuscated, but no credential exfiltration or remote-code execution was confirmed.
Decision evidence
public snapshot- `package.json` runs `postinstall.mjs` automatically.
- `postinstall.mjs` creates `~/.gt-mcp-install.key` with a machine-specific ID.
- `dist/utils/watermark.js` invisibly embeds that ID in MCP responses.
- Published `dist` is RC4/string-array obfuscated, hindering audit.
- Postinstall writes only its own named key file with mode 0600.
- No child-process, shell, eval, or dynamic payload execution was confirmed.
- `dist/services/telemetry.js` records in-process metrics; no telemetry export was confirmed.
- Observed runtime update check targets the npm registry only.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
dist/index.jsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/constants.jsView on unpkg · L1