registry  /  @meetless/mla  /  0.2.1

@meetless/mla@0.2.1

Meetless CLI (mla): governed change-control and knowledge for AI coding agents.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Meetless AI-agent governance CLI with explicit user-command wiring for Claude Code hooks/MCP/skills and authenticated Meetless API access, not install-time mutation.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs mla commands such as init, wire, activate, mcp, doctor, login, or uninstall.
Impact
User-commanded local Claude Code integration and Meetless service communication; no credential harvesting, destructive behavior, remote payload execution, or unconsented npm lifecycle control-surface hijack found.
Mechanism
explicit CLI setup and authenticated product API calls
Rationale
Risky primitives are package-aligned and user-invoked: Meetless setup writes Meetless-owned Claude Code integration files and contacts Meetless endpoints, with no npm lifecycle execution. Static inspection found no concrete exfiltration, stealth persistence, destructive behavior, remote payload execution, or unconsented install-time AI-agent control hijack.
Evidence
package.jsonREADME.mddist/cli.jsdist/lib/wire.jsdist/commands/init.jsdist/commands/activate.jsdist/lib/config.jsdist/lib/http.jsdist/connectors/claude-code/plugin-detect.js~/.meetless/cli-config.json~/.meetless/hooks/*~/.claude/settings.json~/.claude.json~/.claude/skills/mla/SKILL.md~/.claude/skills/mla-onboard/SKILL.md~/.claude/agents/*.md.meetless.jsonCLAUDE.md.gitignore
Network endpoints6
meetless.aicontrol.meetless.aiintel.meetless.aiapp.meetless.aigithub.com/Meetless/mla.gitgithub.com/Meetless/mla/issues

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks; only bin maps mla to dist/cli.js.
    • README.md documents explicit user commands: login, activate, doctor, uninstall; npm install only installs the command.
    • dist/lib/wire.js writes Meetless-owned Claude hooks, skills, scout agents, and mcpServers.meetless only via runWire/init/rewire.
    • dist/commands/activate.js writes non-secret .meetless.json and may bootstrap an installed session-start hook only after user activation.
    • dist/lib/config.js defaults to control.meetless.ai/intel.meetless.ai/app.meetless.ai and stores CLI auth config at 0600.
    • dist/connectors/claude-code/plugin-detect.js dynamic subprocess use is local `claude plugin list --json` detection for mla@meetless ownership.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 233 file(s), 2.62 MB of source, external domains: 127.0.0.1, app.meetless.ai, cloud.langfuse.com, control.meetless.ai, github.com, intel.meetless.ai, json-schema.org, meetless.ai, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, storage.googleapis.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

    Source & flagged code

    4 flagged · loading source
    dist/commands/ask.jsView file
    100// (dist/commands -> dist -> cli -> packages). L101: const trueDynamicImport = new Function("u", "return import(u)"); L102: function askCoreDir() {
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/commands/ask.jsView on unpkg · L100
    dist/connectors/claude-code/plugin-detect.jsView file
    58// 64KB, GH #36685): the command redirects to a temp file we then read whole. L59: const fs = __importStar(require("fs")); L60: const os = __importStar(require("os"));
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/connectors/claude-code/plugin-detect.jsView on unpkg · L58
    dist/hooks-template/user-prompt-submit.shView file
    path = dist/hooks-template/user-prompt-submit.sh kind = build_helper sizeBytes = 85228 magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    dist/hooks-template/user-prompt-submit.shView on unpkg
    dist/commands/activate.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @meetless/mla@0.2.0 matchedIdentity = npm:QG1lZXRsZXNzL21sYQ:0.2.0 similarity = 0.767 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/commands/activate.jsView on unpkg

    Findings

    1 High5 Medium5 Low
    HighPrevious Version Dangerous Deltadist/commands/activate.js
    MediumDynamic Requiredist/connectors/claude-code/plugin-detect.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Build Helperdist/hooks-template/user-prompt-submit.sh
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowEvaldist/commands/ask.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings