AI Security Review
scanned 13h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. On npm postinstall, the package downloads a native executable and runs it. If either existing agent directory is found, it automatically invokes hook installation across supported agents without user confirmation.
Decision evidence
public snapshot- package.json declares postinstall: node scripts/install.js.
- scripts/install.js downloads and executes vendor/aegis during postinstall.
- scripts/install.js detects ~/.claude or ~/.codex and invokes `install-hooks --all` without confirmation.
- README.md confirms those hooks alter Claude Code/Codex PreToolUse behavior.
- The downloaded native binary is not included for source inspection; its hook writes are opaque.
- scripts/install.js verifies the downloaded asset SHA-256 against checksums.json.
- The source does not harvest credentials or transmit environment values.
- README.md and install.js state shell-proxy setup is an explicit user command.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
scripts/install.jsView on unpkg · L4