AI Security Review
scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package is a CLI with explicit MCP setup commands and a confirm-gated KOS device control surface, which is risky but package-aligned and user-invoked.
Decision evidence
public snapshot
- Explicit `kosui mcp install` can write MCP client config to `.mcp.json` or `.cursor/mcp.json`.
- Explicit install also copies package-owned skills into `.claude/skills/<name>` and may append KOS guidance to `AGENTS.md`.
- `kosui device-mcp` exposes live device write tools and arbitrary discovered endpoint execution, gated by `confirm:true`.
- Child process use exists for CLI/Nx project operations in `src/lib/utils/utils.mjs`, `src/lib/utils/exec.mjs`, and `src/lib/mcp/backends/exec-kosui.mjs`.
- `package.json` has no preinstall/install/postinstall lifecycle scripts.
- Agent/MCP config mutation is only under explicit `kosui mcp install*` subcommands, not install-time or import-time.
- MCP server entries point back to first-party `kosui mcp` and `kosui device-mcp`, not remote payloads.
- Network access is package-aligned: the device MCP server uses a user-supplied or default base URL (`http://localhost:8081`) and the documented KOS device APIs.
- No credential harvesting, exfiltration endpoint, destructive persistence, obfuscated payload, or remote code download found in inspected sources.
Source & flagged code
5 flagged
- `src/lib/utils/java-home.mjs` (L1): Package source references child process execution.
- `src/lib/utils/generator-loader.mjs` (L28): Package source references dynamic require/import behavior.
- `src/lib/utils/utils.mjs` (L34): Package source invokes a package manager install command at runtime.
- `src/lib/mcp/backends/exec-kosui.mjs`: This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.