AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package is an MCP/CLI developer tool, but MCP startup includes an unprompted global Claude Code keybinding write. Other risky primitives reviewed were package-aligned and mostly user-invoked.
Decision evidence
public snapshot- dist/index.js starts post-handshake startup work automatically in MCP mode.
- dist/index.js imports configureClaudeKeybindings and calls it without an explicit tool request when global config says not configured.
- dist/engine/claude-setup/keybindings-configurator.js writes ~/.claude/keybindings.json, adding Chat enter/shift+enter bindings.
- dist/config/hook-templates/planu-session-safeguard.sh can push the current git branch when fired as a Claude hook.
- package.json has no postinstall/install lifecycle; prepare is only husky || true.
- dist/cli/index.js routes user CLI args or starts MCP server for piped stdin; no hidden install-time execution found.
- dist/tools/rollback-release.js npm/npx child_process use is confined to rollback_release handler, not import-time.
- dist/tools/auto-update-spec.js git diff is a user-invoked spec update helper.
- dist/engine/product-intelligence/index.js queries a package-aligned Supabase telemetry table with an anon key, not credential harvesting.
- dist/engine/auto-updater/config-patcher.js requires confirm=true before patching MCP config.
Source & flagged code
14 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/engine/product-intelligence/index.jsView on unpkg · L7Supabase service role key (JWT) in dist/engine/product-intelligence/index.js
dist/engine/product-intelligence/index.jsView on unpkg · L7Package source references child process execution.
dist/tools/auto-update-spec.jsView on unpkg · L1Package source references shell execution.
dist/engine/verifier/code-scanner.jsView on unpkg · L5Package source references a known benign dynamic code generation pattern.
dist/engine/auditor-security/electron-checks.jsView on unpkg · L74Package source references dynamic require/import behavior.
dist/tools/import-spec-handler.jsView on unpkg · L148Package source references weak cryptographic algorithms.
dist/engine/delete-first/duplication-finder.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/tools/rollback-release.jsView on unpkg · L48Package ships non-JavaScript build or shell helper files.
dist/config/hook-templates/planu-session-safeguard.shView on unpkgHardcoded password in dist/config/mobile-ci-templates/android-github-actions.yml
dist/config/mobile-ci-templates/android-github-actions.ymlView on unpkg · L88Hardcoded password in dist/config/mobile-ci-templates/android-github-actions.yml
dist/config/mobile-ci-templates/android-github-actions.ymlView on unpkg · L90Hardcoded password in dist/engine/ci-generator/android-jobs.js
dist/engine/ci-generator/android-jobs.jsView on unpkg · L95Hardcoded password in dist/engine/ci-generator/android-jobs.js
dist/engine/ci-generator/android-jobs.jsView on unpkg · L97Supabase service role key (JWT) in dist/engine/telemetry/telemetry-client.js
dist/engine/telemetry/telemetry-client.jsView on unpkg · L5