AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `mj install:claude` or `mj update:claude`.
Impact
Can add or update `CLAUDE.md` and `.claude` pack files in the user-selected project after an explicit command.
Mechanism
explicit remote Claude-pack fetch and target-project agent configuration merge
Rationale
The package is not malicious by source evidence, but it has an explicit user-command capability to mutate AI-agent project configuration from remotely fetched content. Per policy, retain a non-blocking warn rather than treating that capability as clean.
Evidence
package.jsonbin/run.jsdist/hooks/init.jsdist/commands/install/claude.jsdist/commands/update/claude.jsdist/lib/claude-pack/PackFetcher.jsdist/lib/claude-pack/PackMerger.jsdist/lib/claude-pack/PackInstaller.jsdist/lib/claude-pack/SettingsMerger.js
Network endpoints1
raw.githubusercontent.com/MemberJunction/MJ
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/commands/install/claude.js` offers a user-invoked Claude pack installer.
- `dist/lib/claude-pack/PackFetcher.js` retrieves pack files from MemberJunction GitHub content.
- `dist/lib/claude-pack/PackMerger.js` writes `CLAUDE.md` and `.claude/*` into the chosen target directory.
Evidence against
- `package.json` defines no npm `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/run.js` only loads dotenv and dispatches the oclif CLI.
- `dist/hooks/init.js` only loads the current project's `.env`; no automatic agent-configuration mutation was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcebin/dev.cmdView file
•path = bin/dev.cmd
kind = build_helper
sizeBytes = 32
magicHex = [redacted]
Medium
Findings
4 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/dev.cmd
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings