registry  /  @poolzin/plcode  /  3.0.0

@poolzin/plcode@3.0.0

AI coding agent with multi-agent orchestration and a terminal-first workflow

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Running `plcode` automatically loads the package-owned agent configuration. Its configuration loader writes dependency metadata and installs a plugin into discovered configuration directories; the bundled configuration enables remote and local MCP integrations.

Static reason
No blocking static signals were detected.
Trigger
User runs the `plcode` CLI.
Impact
Unconsented runtime changes in PLCODE config directories and execution of newly installed extension tooling; no concrete malicious payload chain was confirmed.
Mechanism
Automatic agent-extension dependency installation and enabled MCP/plugin configuration.
Rationale
The package has no install hooks or confirmed malicious behavior, but its default runtime configuration automatically provisions agent extensions and enabled integrations after a user invokes the CLI. This warrants a warning under the agent-extension lifecycle policy.
Evidence
package.jsonbin/plcodelib/cli.js.plcode/plcode.jsonc.plcode/plugin/github-triage.ts.plcode/plugin/notification.ts.plcode/plugin/superpowers.js
Network endpoints1
mcp.exa.ai/mcp?tools=web_search_exa,get_code_context_exa,crawling_exa,company_research_exa,linkedin_search_exa,deep_researcher_start,deep_researcher_check

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/cli.js` loads the bundled `.plcode` directory on every `plcode` CLI launch.
  • `lib/cli.js` writes `package.json` and `.gitignore` then runs `bun add @plcode-ai/plugin@<version>` for each config directory.
  • `.plcode/plcode.jsonc` enables third-party plugins, a remote Exa MCP endpoint, and `npx -y chrome-devtools-mcp@latest`.
  • The configured dependency/plugin lifecycle can affect global and project `.plcode` configuration directories.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle scripts.
  • `bin/plcode` only sets package-local paths and imports `lib/cli.js` after an explicit CLI invocation.
  • No source evidence of credential harvesting, covert exfiltration, destructive behavior, or foreign AI-agent config writes.
  • The flagged PDF, fonts, and skill helpers are bundled assets or user-invoked development/document tooling.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 512 KB of source, external domains: registry.npmjs.org
Oversized source lightweight scan
lib/cli.js10.2 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringsregistry.npmjs.org
lib/worker.js7.99 MB file, sampled 256 KB
ChildProcessEnvironmentVarsHighEntropyStrings

Source & flagged code

5 flagged · loading source
.plcode/skill/experimental/ui-ux-pro-max/scripts/core.pyView file
path = .plcode/skill/experimental/ui-ux-pro-max/scripts/core.py kind = payload_in_excluded_dir sizeBytes = 9019 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.plcode/skill/experimental/ui-ux-pro-max/scripts/core.pyView on unpkg
path = .plcode/skill/experimental/ui-ux-pro-max/scripts/core.py kind = build_helper sizeBytes = 9019 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

.plcode/skill/experimental/ui-ux-pro-max/scripts/core.pyView on unpkg
.plcode/skill/experimental/theme-factory/theme-showcase.pdfView file
path = .plcode/skill/experimental/theme-factory/theme-showcase.pdf kind = high_entropy_blob sizeBytes = 124310 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.plcode/skill/experimental/theme-factory/theme-showcase.pdfView on unpkg
lib/worker.jsView file
path = lib/worker.js kind = oversized_source_file sizeBytes = 8376104 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

lib/worker.jsView on unpkg
lib/cli.jsView file
path = lib/cli.js kind = oversized_cli_entrypoint sizeBytes = 10731878 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

lib/cli.jsView on unpkg

Findings

3 High5 Medium3 Low
HighShips High Entropy Blob.plcode/skill/experimental/theme-factory/theme-showcase.pdf
HighPayload In Excluded Dir.plcode/skill/experimental/ui-ux-pro-max/scripts/core.py
HighOversized Source Filelib/worker.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helper.plcode/skill/experimental/ui-ux-pro-max/scripts/core.py
MediumOversized Cli Entrypointlib/cli.js
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings