AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `mushi connect` command configures a Cursor MCP server. It stores supplied Mushi credentials in a project-local Cursor configuration that executes the package-owned MCP via npx.
Decision evidence
public snapshot- `mushi connect` writes `.cursor/mcp.json` with Mushi API credentials.
- MCP entry runs `npx -y @mushi-mushi/mcp` when the IDE loads it.
- `mushi doctor --fix` can call the same connect flow.
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- Writes occur only through explicit CLI commands, not import-time execution.
- Config and project writes are package-aligned and credential files are gitignored/warned.
- No source evidence of credential harvesting, stealth exfiltration, eval, or shell execution.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
dist/index.jsView on unpkg · L55A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L55Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L55