AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time execution occurs. Explicit CLI setup commands modify first-party AgentOne/Claude extension configuration and install hooks that process Claude input locally. No confirmed exfiltration or remote execution path was found.
Decision evidence
public snapshot- Explicit `install` copies hooks, commands, and a skill into `~/.claude`.
- `install` merges package hook commands into `~/.claude/settings.json`.
- `install-desktop` writes this package's MCP entry to Claude Desktop config.
- MCP persists compressed-body/cache data under its package data directory.
- `package.json` has no preinstall/install/postinstall lifecycle scripts.
- No network client, shell execution, eval, or remote payload loader found.
- MCP accepts local stdio JSON-RPC and exposes compression/statistics tools.
- Dynamic require is limited to fixed package-local MCP/stat script candidates.
- Unicode finding is an intentional zero-width-character sanitization regex.
- SHA-1 is only used to derive short local body-store identifiers.
Source & flagged code
3 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
mcp-server/index.jsView on unpkg · L616Package source references dynamic require/import behavior.
mcp-server/index.jsView on unpkg · L4Package source references weak cryptographic algorithms.
mcp-server/index.jsView on unpkg · L24