AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious attack chain is confirmed. The package is an agent workflow CLI that explicitly installs first-party hooks/plugins and local scripts into supported coding-agent surfaces.
Decision evidence
public snapshot- User-invoked `momentum init/upgrade` installs agent control files: `.codex/hooks.json`, `.claude/settings.json`, `.agents/hooks.json`, `.opencode/plugins/momentum.js`.
- Installed hooks run local scripts such as `scripts/brainstorm-gate.sh`, `scripts/check-history-reminder.sh`, and `scripts/sessionstart-handoff.sh`.
- Adapters can spawn local AI CLIs (`claude`, `codex`, `agy`, `opencode`) from explicit swarm/orchestration flows.
- CLI performs a user-command update check to `https://registry.npmjs.org/@limina-labs/momentum/latest`.
- Antigravity spawn uses `--dangerously-skip-permissions`, but only inside explicit `swarm` dispatch logic.
- `package.json` has no install/preinstall/postinstall hooks; only `prepublishOnly`.
- Entrypoint is a CLI bin (`bin/momentum.js`), with no import-time install mutation observed.
- Agent/hook writes are package-aligned scaffolding and occur through explicit `init`/`upgrade` commands.
- Existing config files are skipped or backed up rather than silently clobbered in reviewed paths.
- No credential harvesting, broad file exfiltration, remote payload download/execute, or destructive persistence found.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
core/ecosystem/lib/index.jsView on unpkg · L20Package ships non-JavaScript build or shell helper files.
core/ecosystem/scripts/session-append.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/momentum.jsView on unpkg