AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack surface. The package is an AI-agent/devkit utility that can explicitly patch Claude settings with broad permissions and operate on Git/Bitbucket/GitLab when the user runs setup/init/validation commands.
Decision evidence
public snapshot- dist/setup/claude-settings.js adds broad Claude permissions including Bash(*) and project write/read entries.
- dist/setup/setup.js explicit setup can run npm install -g @powerkraut/devkit and sudo fallback after prompt.
- dist/setup/init.js writes project CLAUDE.md, .claude/devkit-plugin.json, .claude/keys/*.token via user-invoked init commands.
- dist/setup/validate.js can create/delete Bitbucket comments, branches, and PRs during explicit validation.
- package.json has no preinstall/install/postinstall lifecycle hooks; activation is via devkit bin commands.
- Credential reads/writes stay in ~/.claude/devkit-credentials.json or .claude/keys; no credential exfiltration path found.
- Network use is package-aligned: Bitbucket, GitLab glab, Jira, npm registry validation.
- Shell usage is tied to documented user commands for git/glab/build/setup, not import-time execution.
- No obfuscated payloads, eval/Function execution, native binary loading, or hidden persistence found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/clients/gitlab/mr.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/setup/validate.jsView on unpkgPackage source references dynamic require/import behavior.
dist/setup/validate.jsView on unpkg · L149Package source invokes a package manager install command at runtime.
dist/setup/setup.jsView on unpkg · L51