AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `mx-agent start` writes a first-party Claude configuration and hook set into its managed worktree. The configured Stop hook can invoke telemetry sync when an operator has configured a token; no install-time execution occurs.
Decision evidence
public snapshot- `dist/lib/claude.js` deploys `.claude/settings.json` and executable hooks during `mx-agent start`.
- `dist/agent-config/settings.json` installs Claude lifecycle hooks, including a Stop hook invoking `mx-agent sync`.
- `dist/commands/sync.js` and `dist/commands/pr-sync.js` send local Claude-session/PR metrics to a configured observability API.
- `dist/commands/update.js` can globally reinstall the package, but only through explicit `mx-agent update`.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `dist/index.js` activates commands only after explicit CLI invocation.
- Observability uploads require a configured API token; network errors are handled non-blockingly.
- No eval, remote code download/execution, credential harvesting, or destructive payload was found in inspected paths.
Source & flagged code
6 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/index.jsView on unpkg · L45A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/commands/pr-sync.jsView on unpkg · L53Package ships non-JavaScript build or shell helper files.
dist/agent-config/hooks/git-mutation-guard.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/start.jsView on unpkg