AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package provides runtime agent-launch and AI-agent configuration materialization capabilities. It can write project-local Claude Code/Pi configuration when its materializer services are invoked, but no npm install-time trigger was found.
Decision evidence
public snapshot- `dist/src/session-hook-materializer-service.js` writes command hooks to `.claude/settings.json`.
- `dist/src/pi-settings-materializer.js` mutates project `.pi/settings.json` package configuration.
- `dist/src/skill-materializer.js` creates/removes plugin-marked `.pi/skills` directories.
- `dist/src/agent-harness/agent-wrapper.js` spawns configured agent-provider commands with runtime environment secrets.
- Package ships executable `native/*/rig-shell` and `native/*/rig-tools` artifacts.
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle scripts.
- No import-time execution is present in inspected entry modules; materializers require explicit service invocation.
- Hook materializer preserves non-plugin-owned hooks and removes only marker-owned entries.
- Network code is limited to configured Rig steering API and npm registry package search.
- No `eval`, `Function`, VM execution, credential exfiltration endpoint, or destructive broad-path logic found.
Source & flagged code
3 flagged · loading sourceSource writes persistence or remote-access backdoor material.
dist/src/agent-harness/rig-agent.jsView on unpkg · L15A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/src/agent-harness/rig-agent.jsView on unpkg · L15