AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a documented CLI that stores Mushi credentials, writes project env files, and optionally wires package-aligned MCP server entries only when the user runs CLI setup/connect commands.
Decision evidence
public snapshot- dist/index.js user-invoked setup/connect can write .cursor/.claude/.continue/Zed MCP configs with npx @mushi-mushi/mcp@latest and MUSHI credentials
- dist/init.js init can install framework SDK packages and append MUSHI_* values to .env.local/.env after interactive setup
- dist/init.js sends opt-out funnel/test-report requests with the Mushi API key to the configured endpoint
- package.json has no npm lifecycle scripts; only bin is ./dist/index.js
- README.md documents init/connect/setup behavior including env writes, Cursor MCP wiring, credentials, and update check
- dist/index.js only registers CLI commands at import/entry; risky writes occur from explicit commands, not install-time
- dist/chunk-LDPFTQLE.js default endpoint is package-aligned Mushi Cloud and enforces https except local hosts
- No broad environment harvesting found; env reads are MUSHI_* config, CI/debug flags, package-manager detection, and BYOK only for explicit keys add
- MCP/IDE writes are package-named and user-invoked, with dry-run/no-ide/no-env controls and gitignore warnings
Source & flagged code
4 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L52A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L52Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L52This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-BWASDQI6.jsView on unpkg