registry  /  @looop-games/cli  /  0.1.17

@looop-games/cli@0.1.17

Looop game development CLI — dev server, login, and publishing for standalone Looop games.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior is present. Explicit `looop create` and `looop update` can install and reconcile an engine-supplied agent surface in a game project, including managed `AGENTS.md` content.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `looop create` or `looop update` in a game project.
Impact
Changes AI-agent-visible project instructions and skills; modified or unowned files are retained rather than overwritten.
Mechanism
Authenticated engine download followed by project-scoped agent instruction and skill reconciliation.
Rationale
Source inspection found a guarded, explicit project agent-surface setup path rather than malware. Per policy, first-party package-owned agent extension setup warrants a warning even though no unconsented install-time mutation was found.
Evidence
package.jsonbin/looop.mjslib/create.mjslib/update.mjslib/agent-surface.mjslib/engine.mjslib/feedback.mjsAGENTS.md.claude/skills/.agents/skills.looop/agent-surface.json
Network endpoints1
play.looop.games/api/creator/engine

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/update.mjs` explicitly updates project `.claude/skills/` and `AGENTS.md`.
  • `lib/agent-surface.mjs` copies, rewrites, and removes package-owned agent-surface files.
  • `lib/engine.mjs` downloads an authenticated engine tarball before reconciliation.
  • `lib/create.mjs` creates `.agents/skills` as a symlink to `.claude/skills`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • `bin/looop.mjs` invokes mutation only for explicit `create` or `update` commands.
  • `lib/agent-surface.mjs` tracks hashes and preserves modified or unowned files.
  • `lib/feedback.mjs` confines uploaded attachments to the game directory and requires `looop feedback`.
  • Observed network calls target the package-aligned Looop service with bearer authentication.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 26 file(s), 165 KB of source, external domains: play.looop.games, www.partykit.io

Source & flagged code

2 flagged · loading source
lib/lint.mjsView file
31try { L32: const req = createRequire(join(projectDir, 'package.json')); L33: const mod = await import(pathToFileURL(req.resolve('eslint')).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/lint.mjsView on unpkg · L31
lib/test-cmd.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @looop-games/cli@0.1.16 matchedIdentity = npm:QGxvb29wLWdhbWVzL2NsaQ:0.1.16 similarity = 0.920 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/test-cmd.mjsView on unpkg

Findings

1 High3 Medium4 Low
HighPrevious Version Dangerous Deltalib/test-cmd.mjs
MediumDynamic Requirelib/lint.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings