AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a developer CLI/plugin that can mutate Claude settings, store tokens, run git/glab/npm commands, and call SCM APIs, but these behaviors are tied to explicit devkit commands and setup/validation workflows.
Decision evidence
public snapshot- dist/setup/claude-settings.js and dist/templates/user-permissions.json can add broad Claude permissions such as Bash(*) and WebFetch(*).
- dist/setup/setup.js can run npm install -g @powerkraut/devkit and sudo fallback, but only after interactive confirmation.
- dist/setup/validate.js performs Bitbucket/Jira/GitLab validation actions including temporary PR/comment creation when user runs validate commands.
- package.json has no install/preinstall/postinstall lifecycle hooks; execution is via devkit bin commands.
- dist/cli.js exposes setup/init/validate/build commands; risky actions are user-invoked, not import-time or install-time.
- Credential writes in dist/credentials/store.js and dist/setup/init.js store user-entered tokens locally under ~/.claude or project .claude/keys, with no credential exfiltration path found.
- Network use is aligned with documented developer workflow: Bitbucket, Jira/Atlassian, GitLab, and npm registry validation/update checks.
- Shell execution is limited to user-requested tooling, git/glab/npm validation, configured build commands, or interactive setup.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/clients/gitlab/mr.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/setup/validate.jsView on unpkg · L135Package source invokes a package manager install command at runtime.
dist/setup/setup.jsView on unpkg · L51This package version adds a dangerous source file absent from the previous stored version.
dist/tasks/story-lookup.jsView on unpkg