registry  /  @layoutdesign/context  /  0.17.0

@layoutdesign/context@0.17.0

Design system context for AI coding agents — MCP server + CLI + live preview

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Starting the package's MCP server can alter the user's global Claude MCP configuration. It replaces Figma registration and may register Playwright without an explicit remediation request.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Run `layout-context serve` or start the configured Layout MCP server.
Impact
Unconsented persistent user-scoped AI-agent extension changes and external MCP registration.
Mechanism
Runtime Claude MCP reconfiguration via `claude mcp` and `~/.claude.json` writes.
Rationale
This is not install-time malware, but the automatic global Claude MCP mutation on ordinary server startup is a concrete agent-extension lifecycle risk. Warn rather than block because setup behavior is product-aligned and no exfiltration, destructive action, or remote code-execution chain was found.
Evidence
package.jsondist/src/mcp/server.jsdist/src/cli/setup-utils.jsdist/src/cli/install.jsdist/src/update-check.js~/.claude.jsonClaude user-scoped MCP configuration
Network endpoints1
mcp.figma.com/mcp

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/src/mcp/server.js` calls setup fixes during every `serve` startup.
  • `dist/src/cli/setup-utils.js` rewrites `~/.claude.json` when it detects an old Figma MCP entry.
  • `dist/src/cli/setup-utils.js` removes and adds user-scoped Claude MCP servers for Figma and Playwright.
  • These mutations occur without a `fix` flag when the MCP server starts.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • The CLI `install` command is explicitly user-invoked and project setup is package-aligned.
  • No eval/vm/native loader or credential/environment harvesting was found.
  • Network use is for npm update checks, Layout gallery downloads, localhost preview, and Figma MCP integration.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 68 file(s), 362 KB of source, external domains: cdn.tailwindcss.com, docs.anthropic.com, layout.design, mcp.figma.com, nodejs.org, registry.npmjs.org, ui.staging.layout.design, unpkg.com, www.figma.com

Source & flagged code

3 flagged · loading source
dist/bin/cli.jsView file
20import { notifyIfUpdate } from "../src/update-check.js"; L21: const require = createRequire(import.meta.url); L22: const pkg = require("../../package.json");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/bin/cli.jsView on unpkg · L20
assets/layout-swc-plugin-57.wasmView file
path = assets/layout-swc-plugin-57.wasm kind = wasm_module sizeBytes = 848042 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

assets/layout-swc-plugin-57.wasmView on unpkg
dist/src/cli/install.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @layoutdesign/context@0.16.0 matchedIdentity = npm:QGxheW91dGRlc2lnbi9jb250ZXh0:0.16.0 similarity = 0.940 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/cli/install.jsView on unpkg

Findings

1 High5 Medium4 Low
HighPrevious Version Dangerous Deltadist/src/cli/install.js
MediumDynamic Requiredist/bin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduleassets/layout-swc-plugin-57.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings