AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. Explicit `looop create` and `looop update` can install and reconcile an engine-supplied agent surface in a game project, including managed `AGENTS.md` content.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `looop create` or `looop update` in a game project.
Impact
Changes AI-agent-visible project instructions and skills; modified or unowned files are retained rather than overwritten.
Mechanism
Authenticated engine download followed by project-scoped agent instruction and skill reconciliation.
Rationale
Source inspection found a guarded, explicit project agent-surface setup path rather than malware. Per policy, first-party package-owned agent extension setup warrants a warning even though no unconsented install-time mutation was found.
Evidence
package.jsonbin/looop.mjslib/create.mjslib/update.mjslib/agent-surface.mjslib/engine.mjslib/feedback.mjsAGENTS.md.claude/skills/.agents/skills.looop/agent-surface.json
Network endpoints1
play.looop.games/api/creator/engine
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `lib/update.mjs` explicitly updates project `.claude/skills/` and `AGENTS.md`.
- `lib/agent-surface.mjs` copies, rewrites, and removes package-owned agent-surface files.
- `lib/engine.mjs` downloads an authenticated engine tarball before reconciliation.
- `lib/create.mjs` creates `.agents/skills` as a symlink to `.claude/skills`.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `bin/looop.mjs` invokes mutation only for explicit `create` or `update` commands.
- `lib/agent-surface.mjs` tracks hashes and preserves modified or unowned files.
- `lib/feedback.mjs` confines uploaded attachments to the game directory and requires `looop feedback`.
- Observed network calls target the package-aligned Looop service with bearer authentication.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcelib/lint.mjsView file
31try {
L32: const req = createRequire(join(projectDir, 'package.json'));
L33: const mod = await import(pathToFileURL(req.resolve('eslint')).href);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/lint.mjsView on unpkg · L31lib/test-cmd.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @looop-games/cli@0.1.16
matchedIdentity = npm:QGxvb29wLWdhbWVzL2NsaQ:0.1.16
similarity = 0.920
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/test-cmd.mjsView on unpkgFindings
1 High3 Medium4 Low
HighPrevious Version Dangerous Deltalib/test-cmd.mjs
MediumDynamic Requirelib/lint.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings