AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. Explicit CLI commands can configure a first-party Vault MCP endpoint and register a local Vault daemon.
Decision evidence
public snapshot- `src/mcp-install.ts` can modify `~/.claude.json` and project `.mcp.json` with a Vault MCP entry.
- `src/cli.ts` exposes explicit `mcp-install` and `init --configure-claude-code` paths for that setup.
- `src/cli.ts` has explicit transcription-install paths that download and run locally installed tooling.
- `src/systemd.ts` and `src/launchd.ts` register a persistent Vault daemon only through CLI initialization/autostart.
- `package.json` has no npm preinstall, install, or postinstall lifecycle hook.
- CLI dispatch in `src/cli.ts` activates side effects only for selected user commands; importing the package does not run them.
- MCP setup is package-owned, scoped to Vault entries, and interactive setup previews then confirms the config write.
- Download sources in `src/transcription/install.ts` are fixed GitHub release and Hugging Face URLs for the documented transcription feature.
- No inspected source shows credential harvesting, secret exfiltration, remote payload evaluation, or broad foreign agent-control mutation.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
src/routing.test.tsView on unpkg · L32Source writes installer persistence such as shell profile or service configuration.
src/cli.tsView on unpkg · L24This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/mirror-import.tsView on unpkg