AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package changes the current repository's Git hooks path through its `prepare` lifecycle script. Separate explicit CLI commands can generate a first-party Claude plugin or register a Photon MCP server in Claude Desktop. No credential exfiltration, remote payload execution, or stealth persistence was confirmed.
Decision evidence
public snapshot- package.json: `prepare` runs `git config core.hooksPath .githooks || true` during lifecycle execution.
- dist/claude-code-plugin.js can generate a Claude SessionStart hook that globally installs `@portel/photon` if absent.
- dist/cli/commands/mcp.js can rewrite Claude Desktop MCP config, but only through explicit `photon mcp install <name>`.
- No shipped `.githooks` assets were found, so the lifecycle config can still alter a repository hook path.
- package.json has no `preinstall`, `install`, or `postinstall` hook.
- bin/photon and dist/cli.js only launch the CLI; they do not perform import-time harvesting or network activity.
- dist/cli/commands/mcp.js wires config mutation solely to the explicit nested `mcp install` command.
- dist/claude-code-plugin.js is invoked only by explicit `photon maker sync --claude-code`; generated credential setup is interactive.
- dist/template-manager.js blocks dangerous identifiers and shadows process/require/global globals around its templating evaluator.
- dist/shared/sqlite-runtime.js dynamically loads only Bun SQLite or optional better-sqlite3; no remote payload source was found.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
dist/shared-utils.jsView on unpkg · L7Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/commands/build.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/template-manager.jsView on unpkg · L181Package source references dynamic require/import behavior.
dist/shared/sqlite-runtime.jsView on unpkg · L33Source writes installer persistence such as shell profile or service configuration.
dist/cli-alias.jsView on unpkg · L16A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/commands/dev.jsView on unpkg · L172Package contains source files above the static scanner size ceiling.
dist/beam.bundle.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/auto-ui/beam.jsView on unpkg