AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The MCP server automatically changes Claude Code configuration when the server boots, including its own MCP registration and S4L worker permissions/trust state. The npm CLI also installs S4L browser-agent configuration after an explicit init/update command.
Decision evidence
public snapshot- mcp/dist/index.js self-registers an MCP server in ~/.claude.json on server boot.
- mcp/dist/index.js writes tool allow-rules to ~/.claude/settings.json and marks ~/.s4l-worker trusted.
- bin/cli.js init explicitly copies browser-agent configs into ~/.claude/browser-agent-configs.
- bin/cli.js user-invoked setup downloads/install tools via curl, git, pip, and uv.
- package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
- CLI mutations require explicit init/update commands; npm installation alone has no hook.
- Config writes target this package's social-autoposter MCP, workers, and browser automation setup.
- Observed HTTP endpoints are loopback CDP probes or named installer sources; no credential-exfiltration path was confirmed.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
bin/cookie-helper.jsView on unpkg · L13Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/cookie-helper.jsView on unpkg · L31Package source references dynamic require/import behavior.
bin/cookie-helper.jsView on unpkg · L13Source writes installer persistence such as shell profile or service configuration.
bin/scheduler/launchd.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
bin/cli.jsView on unpkg · L848Package ships non-JavaScript build or shell helper files.
skill/dm-outreach-reddit.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
mcp/dist/index.jsView on unpkg