registry  /  @meetless/mla  /  0.2.0

@meetless/mla@0.2.0

Meetless CLI (mla): governed change-control and knowledge for AI coding agents.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The main risk is explicit first-party AI-agent integration setup that writes Claude hooks, skills, agents, and an MCP server entry when the user runs setup commands.

Static reason
No blocking static signals were detected.
Trigger
User runs `mla init`, `mla rewire`, or installed Claude hooks in an activated workspace.
Impact
Captures Meetless workflow events and sends them to configured Meetless control/intel services; modifies Claude user config only through explicit setup commands.
Mechanism
first-party Claude hook/MCP/skill wiring and telemetry capture
Rationale
Because the package modifies AI-agent control surfaces only through explicit first-party setup commands and no install-time or hidden malicious chain was found, it should not be blocked. The Claude hook/MCP lifecycle risk is real enough to warn rather than mark fully clean.
Evidence
package.jsondist/cli.jsdist/commands/init.jsdist/commands/rewire.jsdist/lib/wire.jsdist/lib/config.jsdist/lib/http.jsdist/lib/mcp-fetchers.jsdist/pretool-entry.jsdist/hooks-template/user-prompt-submit.shdist/hooks-template/post-tool-use.shdist/hooks-template/stop.sh~/.meetless/cli-config.json~/.meetless/hooks/*~/.claude/settings.json~/.claude.json~/.claude/skills/mla/SKILL.md~/.claude/skills/mla-onboard/SKILL.md~/.claude/agents/*.md.meetless.json
Network endpoints6
control.meetless.aiintel.meetless.aiapp.meetless.aimeetless.aigithub.com/Meetless/mla.gitgithub.com/Meetless/mla/issues

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/commands/init.js runs wire setup only when user invokes `mla init`; no npm lifecycle hook triggers it.
  • dist/lib/wire.js writes Claude hooks to ~/.claude/settings.json and registers `mcpServers.meetless` in ~/.claude.json.
  • dist/lib/wire.js installs package-owned Claude skills and scout agents under ~/.claude/skills and ~/.claude/agents.
  • dist/hooks-template/*.sh captures prompts/tool/session events in activated repos and can flush to configured Meetless control endpoints.
Evidence against
  • package.json has no preinstall/install/postinstall scripts; only bin `mla` points to dist/cli.js.
  • Setup is explicit user-command behavior (`mla init`/`mla rewire`), not install-time mutation.
  • Hooks gate on `.meetless.json` activation and include mute/deactivate paths, fail-soft behavior, and no hidden broad activation on npm install.
  • Network endpoints are package-aligned defaults in dist/lib/config.js: control, intel, and app Meetless hosts.
  • Dynamic import in dist/commands/mcp.js loads bundled/declared @meetless MCP code; eval-like use is for import shim, not arbitrary payload execution.
  • No evidence of credential harvesting, remote payload execution, destructive behavior, or persistence outside declared Meetless/Claude integration setup.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 216 file(s), 2.42 MB of source, external domains: 127.0.0.1, app.meetless.ai, cloud.langfuse.com, control.meetless.ai, github.com, intel.meetless.ai, json-schema.org, meetless.ai, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, storage.googleapis.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

Source & flagged code

3 flagged · loading source
dist/commands/ask.jsView file
100// (dist/commands -> dist -> cli -> packages). L101: const trueDynamicImport = new Function("u", "return import(u)"); L102: function askCoreDir() {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/commands/ask.jsView on unpkg · L100
dist/pretool-entry.jsView file
19// entrypoint fault can never escalate into a blocking hook decision. L20: const internal_pretool_observe_1 = require("./commands/internal-pretool-observe"); L21: /**
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/pretool-entry.jsView on unpkg · L19
dist/hooks-template/user-prompt-submit.shView file
path = dist/hooks-template/user-prompt-submit.sh kind = build_helper sizeBytes = 77051 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/hooks-template/user-prompt-submit.shView on unpkg

Findings

5 Medium5 Low
MediumDynamic Requiredist/pretool-entry.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/hooks-template/user-prompt-submit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/commands/ask.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings