registry  /  @meetless/mla  /  0.2.7

@meetless/mla@0.2.7

Meetless CLI (mla): governed change-control and knowledge for AI coding agents.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. First-party Meetless integration for Claude Code installs hooks, MCP config, skills, local queues/logs, and optional prompt/context telemetry for activated workspaces. This is a sensitive agent-extension surface but source inspection did not show hidden install-time execution or a malicious chain.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs mla init, mla rewire, mla activate, or installed Claude Code hooks fire in an activated workspace.
Impact
Agent prompts, session metadata, governance events, and derived context may be queued locally and sent to Meetless endpoints after setup/activation.
Mechanism
User-invoked Claude Code hook/MCP/skill setup with local spooling and Meetless API calls
Rationale
The package performs explicit first-party AI-agent integration and telemetry aligned with its stated Meetless CLI purpose, but that control surface is sensitive enough to warn. No unconsented npm install-time mutation, covert credential harvesting, arbitrary remote payload execution, destructive behavior, or broad AI-agent hijack was found.
Evidence
package.jsondist/cli.jsdist/lib/config.jsdist/lib/wire.jsdist/commands/init.jsdist/commands/rewire.jsdist/hooks-template/user-prompt-submit.shdist/hooks-template/common.shdist/connectors/claude-code/plugin-detect.jsdist/lib/spool.js~/.meetless/cli-config.json~/.meetless/hooks/*~/.meetless/queue/*~/.meetless/logs/*~/.claude/settings.json~/.claude.json~/.claude/skills/mla/SKILL.md~/.claude/skills/mla-onboard/SKILL.md~/.claude/agents/*.mdCLAUDE.md.meetless.json
Network endpoints5
control.meetless.aiintel.meetless.aiapp.meetless.aistorage.googleapis.com/meetless-public/cli/releases/latest/VERSIONstorage.googleapis.com/meetless-public/cli/releases/latest/manifest.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/lib/config.js defines Meetless endpoints: control.meetless.ai, intel.meetless.ai, app.meetless.ai.
  • dist/hooks-template/user-prompt-submit.sh captures prompts in activated workspaces and can call intel /v1/ask.
  • dist/lib/wire.js writes Claude Code hooks, MCP config, skills, agents, and a CLAUDE.md rules block.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; only user-invoked bin dist/cli.js.
  • dist/commands/init.js and dist/commands/rewire.js make setup explicit via mla init/rewire, with opt-outs for hooks/MCP/project rules.
  • Hooks are gated on .meetless.json activation or fail-soft no-op behavior; CE0 hooks emit {} and do not block turns.
  • Network behavior is package-aligned Meetless telemetry/governance/update traffic, not arbitrary exfiltration.
  • dist/connectors/claude-code/plugin-detect.js only inspects local claude plugin list and fails safe.
  • dist/lib/spool.js queue cleanup is age-gated and limited to recognized Meetless queue artifacts.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 234 file(s), 2.69 MB of source, external domains: 127.0.0.1, app.meetless.ai, cloud.langfuse.com, control.meetless.ai, github.com, intel.meetless.ai, json-schema.org, meetless.ai, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, storage.googleapis.com, tools.ietf.org, www.safaribooksonline.com, www.w3.org

Source & flagged code

4 flagged · loading source
dist/commands/ask.jsView file
100// (dist/commands -> dist -> cli -> packages). L101: const trueDynamicImport = new Function("u", "return import(u)"); L102: function askCoreDir() {
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/commands/ask.jsView on unpkg · L100
dist/connectors/claude-code/plugin-detect.jsView file
58// 64KB, GH #36685): the command redirects to a temp file we then read whole. L59: const fs = __importStar(require("fs")); L60: const os = __importStar(require("os"));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/connectors/claude-code/plugin-detect.jsView on unpkg · L58
dist/hooks-template/user-prompt-submit.shView file
path = dist/hooks-template/user-prompt-submit.sh kind = build_helper sizeBytes = 85228 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/hooks-template/user-prompt-submit.shView on unpkg
dist/lib/spool.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @meetless/mla@0.2.6 matchedIdentity = npm:QG1lZXRsZXNzL21sYQ:0.2.6 similarity = 0.933 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/lib/spool.jsView on unpkg

Findings

1 High5 Medium5 Low
HighPrevious Version Dangerous Deltadist/lib/spool.js
MediumDynamic Requiredist/connectors/claude-code/plugin-detect.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/hooks-template/user-prompt-submit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/commands/ask.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings