AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Running `plcode` automatically loads the package-owned agent configuration. Its configuration loader writes dependency metadata and installs a plugin into discovered configuration directories; the bundled configuration enables remote and local MCP integrations.
Decision evidence
public snapshot- `lib/cli.js` loads the bundled `.plcode` directory on every `plcode` CLI launch.
- `lib/cli.js` writes `package.json` and `.gitignore` then runs `bun add @plcode-ai/plugin@<version>` for each config directory.
- `.plcode/plcode.jsonc` enables third-party plugins, a remote Exa MCP endpoint, and `npx -y chrome-devtools-mcp@latest`.
- The configured dependency/plugin lifecycle can affect global and project `.plcode` configuration directories.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle scripts.
- `bin/plcode` only sets package-local paths and imports `lib/cli.js` after an explicit CLI invocation.
- No source evidence of credential harvesting, covert exfiltration, destructive behavior, or foreign AI-agent config writes.
- The flagged PDF, fonts, and skill helpers are bundled assets or user-invoked development/document tooling.
Source & flagged code
5 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.plcode/skill/experimental/ui-ux-pro-max/scripts/core.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.plcode/skill/experimental/ui-ux-pro-max/scripts/core.pyView on unpkgPackage ships high-entropy non-source blobs.
.plcode/skill/experimental/theme-factory/theme-showcase.pdfView on unpkgPackage contains source files above the static scanner size ceiling.
lib/worker.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
lib/cli.jsView on unpkg