AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The package does perform first-party MCP/Claude extension setup and optional launchd persistence when explicitly invoked by the user, so it carries agent extension lifecycle risk rather than blockable malware.
Decision evidence
public snapshot- Explicit `install` command writes Claude MCP configs in `dist/install-mcp.js`.
- Explicit `install-skill` writes Claude skill files in `dist/install-skill.js`.
- Explicit `install --daemon` installs a macOS launchd service and rewrites Claude configs in `dist/install-daemon.js`.
- `package.json` has no install/preinstall/postinstall lifecycle hooks; only `prepublishOnly`.
- Default bin starts an MCP stdio server from `dist/index.js`; install mutations require user subcommands.
- Network calls in `dist/client/http.js` and installer probes target configured Deployik URL with Bearer token.
- Daemon binds to localhost by default and rejects non-local clients in `dist/daemon.js`.
- No eval/vm/native binary loading or remote payload execution found.
- Credential use is package-aligned: `DEPLOYIK_TOKEN` is sent only as Authorization to Deployik API or stored in explicit config/plist.
Source & flagged code
2 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/install-daemon.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/install-daemon.jsView on unpkg · L8