AI Security Review
scanned 3h ago · by lpm-firewall-aiNo install-time or import-time attack surface is established. Explicit `install` configures the package's own MCP server in selected AI tools; explicit Figma capture emits browser-side remote script loading for the package-aligned Figma workflow.
Static reason
No blocking static signals were detected.
Trigger
User runs `layout-context install`, invokes MCP `push-to-figma`, or uses `scan --sync`.
Impact
Can alter selected AI-tool/project configuration and, on explicit commands, send design scan metadata or load the Figma capture helper.
Mechanism
User-invoked MCP setup, project tooling, and optional remote design-service integration.
Rationale
Source inspection supports a benign design-system CLI/MCP package with explicit integration capabilities. The remote script and configuration writes are relevant but package-aligned and user-invoked, so they do not establish malicious behavior.
Evidence
package.jsondist/bin/cli.jsdist/src/index.jsdist/src/cli/install.jsdist/src/update-check.jsdist/src/cli/scan.jsdist/src/mcp/tools/push-to-figma.jsdist/src/plugins/next/swc.jsdist/src/cli/setup-utils.jsdist/src/install/live.jsdist/src/cli/add.jsdist/src/cli/fetch-kit.jsdist/src/cli/import-zip.js
Network endpoints4
registry.npmjs.org/@layoutdesign/context/latestlayout.designui.staging.layout.design/rmcp.figma.com/mcp/html-to-design/capture.js
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/src/cli/install.js` explicitly configures MCP entries for Claude, Cursor, Windsurf, VS Code, Codex, and Gemini.
- `dist/src/mcp/tools/push-to-figma.js` emits browser JS that fetches and executes `https://mcp.figma.com/mcp/html-to-design/capture.js`.
- `dist/src/cli/scan.js` sends scan metadata only when the user passes `--sync`; optional `LAYOUT_API_KEY` is used as authorization.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- `dist/src/index.js` only re-exports library functions; no import-time side effect was found.
- MCP configuration and project writes are reached only through explicit CLI/MCP commands; `--global` is an explicit install option.
- `dist/src/update-check.js` makes a bounded, fail-silent npm version lookup and stores only a temp-file cache.
- WASM assets are selected as local SWC plugin files by `dist/src/plugins/next/swc.js`; no remote payload loader was found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/bin/cli.jsView file
20import { notifyIfUpdate } from "../src/update-check.js";
L21: const require = createRequire(import.meta.url);
L22: const pkg = require("../../package.json");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/bin/cli.jsView on unpkg · L20assets/layout-swc-plugin-57.wasmView file
•path = assets/layout-swc-plugin-57.wasm
kind = wasm_module
sizeBytes = 848042
magicHex = [redacted]
Medium
Findings
5 Medium4 Low
MediumDynamic Requiredist/bin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduleassets/layout-swc-plugin-57.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings