AI Security Review
scanned 4h ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package performs lifecycle-triggered mutation of AI-agent control surfaces: on install it can register its own MCP server and copy package-supplied agent instructions/rules into workspace-level or user-level agent configuration files.
Decision evidence
(public snapshot)
- package.json runs postinstall: node scripts/safe-postinstall.cjs
- scripts/safe-postinstall.cjs auto-injects GraphFlow MCP into existing workspace .cursor/mcp.json and .vscode/mcp.json during local install
- global/explicit postinstall calls installMcpToDetectedAgents, which writes user MCP configs for Claude Code, Codex, Cursor, VS Code, Gemini, Cline, Roo Code, Kilo Code, Windsurf, etc.
- postinstall copies package-supplied CLAUDE.md to ~/.claude/CLAUDE.md and Cursor rules to ~/.cursor/rules/graphflow.mdc when markers exist
- dist/integrations/agent-mcp-installer.js creates or updates broad AI-agent control files, including ~/.claude.json and ~/.codex/config.toml
- MCP entries launch npx -y --package=@roarpeng/graphflow graphflow-mcp
- Postinstall is skipped in CI or when GRAPHFLOW_SKIP_POSTINSTALL=1 is set
- Local install without existing workspace MCP config prints manual install guidance instead of global mutation
- Network calls in provider adapters use user API keys for package-aligned LLM features
- No credential harvesting or arbitrary remote payload execution found beyond registering its own MCP server
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Package source references dynamic require/import behavior. (dist/core/dag-checkpoint.js, line 18)
- Install-time source drops package-supplied AI-agent/MCP control files or instructions. (scripts/safe-postinstall.cjs, line 1)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (dist/integrations/agent-mcp-installer.js)