registry  /  @looop-games/cli  /  0.1.10

@looop-games/cli@0.1.10

Looop game development CLI — dev server, login, and publishing for standalone Looop games.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. Explicit `looop create` and `looop update` can install and later update platform-owned AI-agent instructions and skills in a game repository from a downloaded engine artifact.

Static reason
No blocking static signals were detected.
Trigger
User runs `looop create` or `looop update` in a game project.
Impact
A remote engine release can introduce or replace package-owned agent guidance in `.claude`/`AGENTS.md`; user-owned or modified files are generally preserved.
Mechanism
Explicit first-party agent-extension setup and managed skill reconciliation.
Rationale
Source inspection found no covert credential harvesting, arbitrary exfiltration, install hook, or unconsented install-time AI-agent control-surface mutation. The explicit remote-managed agent-surface lifecycle warrants a warning under the stated policy.
Evidence
package.jsonbin/looop.mjslib/create.mjslib/update.mjslib/agent-surface.mjslib/engine.mjslib/config.mjslib/llm-shim.mjsAGENTS.md.claude/skills/**.agents/skills.looop/agent-surface.json.looop/backup-<engineVersion>/**~/.looop/config.json~/.looop/cache/**
Network endpoints1
play.looop.games

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `looop create`/`looop update` reconcile an engine-provided agent surface into game repositories.
  • `lib/agent-surface.mjs` writes `.claude/skills/**`, a managed `AGENTS.md` block, and `.looop/agent-surface.json`; it can remove tracked managed files.
  • `lib/create.mjs` creates `.agents/skills` as a symlink to `.claude/skills`.
  • `lib/engine.mjs` downloads an authenticated engine tarball and installs it before agent-surface reconciliation.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • Agent-surface mutation is reached only through explicit `looop create` or `looop update`, not import or install.
  • Surface reconciliation preserves altered/unowned files and records ownership hashes.
  • Network use is package-aligned: login, engine retrieval, publishing, feedback, and a local API proxy to `play.looop.games`.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 19 file(s), 98.2 KB of source, external domains: play.looop.games

Source & flagged code

3 flagged · loading source
lib/agent-surface.mjsView file
Published source reference
Medium
Ai Review Evidence

`lib/agent-surface.mjs` writes `.claude/skills/**`, a managed `AGENTS.md` block, and `.looop/agent-surface.json`; it can remove tracked managed files.

lib/agent-surface.mjsView on unpkg
lib/create.mjsView file
Published source reference
Medium
Ai Review Evidence

`lib/create.mjs` creates `.agents/skills` as a symlink to `.claude/skills`.

lib/create.mjsView on unpkg
lib/engine.mjsView file
Published source reference
Medium
Ai Review Evidence

`lib/engine.mjs` downloads an authenticated engine tarball and installs it before agent-surface reconciliation.

lib/engine.mjsView on unpkg

Findings

6 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidencelib/agent-surface.mjs
MediumAi Review Evidencelib/create.mjs
MediumAi Review Evidencelib/engine.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings