AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The main risk is explicit first-party AI-agent integration setup that writes Claude hooks, skills, agents, and an MCP server entry when the user runs setup commands.
Static reason
No blocking static signals were detected.
Trigger
User runs `mla init`, `mla rewire`, or installed Claude hooks in an activated workspace.
Impact
Captures Meetless workflow events and sends them to configured Meetless control/intel services; modifies Claude user config only through explicit setup commands.
Mechanism
first-party Claude hook/MCP/skill wiring and telemetry capture
Rationale
Because the package modifies AI-agent control surfaces only through explicit first-party setup commands and no install-time or hidden malicious chain was found, it should not be blocked. The Claude hook/MCP lifecycle risk is real enough to warn rather than mark fully clean.
Evidence
package.jsondist/cli.jsdist/commands/init.jsdist/commands/rewire.jsdist/lib/wire.jsdist/lib/config.jsdist/lib/http.jsdist/lib/mcp-fetchers.jsdist/pretool-entry.jsdist/hooks-template/user-prompt-submit.shdist/hooks-template/post-tool-use.shdist/hooks-template/stop.sh~/.meetless/cli-config.json~/.meetless/hooks/*~/.claude/settings.json~/.claude.json~/.claude/skills/mla/SKILL.md~/.claude/skills/mla-onboard/SKILL.md~/.claude/agents/*.md.meetless.json
Network endpoints6
control.meetless.aiintel.meetless.aiapp.meetless.aimeetless.aigithub.com/Meetless/mla.gitgithub.com/Meetless/mla/issues
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
- dist/commands/init.js runs wire setup only when user invokes `mla init`; no npm lifecycle hook triggers it.
- dist/lib/wire.js writes Claude hooks to ~/.claude/settings.json and registers `mcpServers.meetless` in ~/.claude.json.
- dist/lib/wire.js installs package-owned Claude skills and scout agents under ~/.claude/skills and ~/.claude/agents.
- dist/hooks-template/*.sh captures prompts/tool/session events in activated repos and can flush to configured Meetless control endpoints.
Evidence against
- package.json has no preinstall/install/postinstall scripts; only bin `mla` points to dist/cli.js.
- Setup is explicit user-command behavior (`mla init`/`mla rewire`), not install-time mutation.
- Hooks gate on `.meetless.json` activation and include mute/deactivate paths, fail-soft behavior, and no hidden broad activation on npm install.
- Network endpoints are package-aligned defaults in dist/lib/config.js: control, intel, and app Meetless hosts.
- Dynamic import in dist/commands/mcp.js loads bundled/declared @meetless MCP code; eval-like use is for import shim, not arbitrary payload execution.
- No evidence of credential harvesting, remote payload execution, destructive behavior, or persistence outside declared Meetless/Claude integration setup.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/commands/ask.jsView file
100// (dist/commands -> dist -> cli -> packages).
L101: const trueDynamicImport = new Function("u", "return import(u)");
L102: function askCoreDir() {
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/commands/ask.jsView on unpkg · L100dist/pretool-entry.jsView file
19// entrypoint fault can never escalate into a blocking hook decision.
L20: const internal_pretool_observe_1 = require("./commands/internal-pretool-observe");
L21: /**
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/pretool-entry.jsView on unpkg · L19dist/hooks-template/user-prompt-submit.shView file
•path = dist/hooks-template/user-prompt-submit.sh
kind = build_helper
sizeBytes = 77051
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
dist/hooks-template/user-prompt-submit.shView on unpkgFindings
5 Medium5 Low
MediumDynamic Requiredist/pretool-entry.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/hooks-template/user-prompt-submit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/commands/ask.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings