AI Security Review
scanned 13d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package is a user-invoked SiteDesk installer that mutates host services and Claude Code control surfaces. The risky surface is automatic bypass-permissions seeding, trust/onboarding preseed, plugin installation, and agent registration inside a brand-scoped Claude config.
Decision evidence
public snapshot- dist/index.js bin runs a broad system installer with sudo apt/systemctl/chattr, npm installs, curl downloads, and service registration.
- dist/permissions-seed.js writes settings.json with permissions.defaultMode="bypassPermissions" under the brand Claude config.
- dist/index.js primes .sitedesk-code/.claude/.claude.json with hasCompletedOnboarding and hasTrustDialogAccepted for $HOME.
- dist/index.js registers Claude plugin marketplaces and installs/resyncs local and external plugins in CLAUDE_CONFIG_DIR.
- dist/specialist-registration.js symlinks bundled specialist agents into $CLAUDE_CONFIG_DIR/agents.
- dist/install-immutability.js makes server/platform/premium-plugins immutable with chattr +i after install.
- package.json has no install/postinstall/preinstall hook; dangerous behavior is reached by explicit bin execution, not npm install import-time execution.
- Network endpoints are installer-aligned package/dependency sources rather than evidence of credential exfiltration.
- Neo4j and remote-session secrets are generated locally and written to brand config with restrictive modes.
- No source evidence found of harvesting arbitrary env/files and exfiltrating them to attacker-controlled infrastructure.
- Payload appears to be a full SiteDesk platform bundle matching package description.
Source & flagged code
20 flagged · loading sourcePackage contains a possible secret pattern.
payload/platform/scripts/smoke-boot-services.shView on unpkg · L317A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/index.jsView on unpkg · L134Source downloads or fetches remote code and executes it.
dist/index.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L1066Source writes installer persistence such as shell profile or service configuration.
dist/index.jsView on unpkg · L1Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships non-JavaScript build or shell helper files.
payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/__tests__/restatement-ladder.test.shView on unpkgPackage ships high-entropy non-source blobs.
payload/server/public/assets/cormorant-latin-ext-500-normal-AH9qog1s.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version.
payload/platform/plugins/admin/mcp/dist/index.jsView on unpkgHardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-delete.test.jsView on unpkg · L52Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L28Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L43Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L57Hardcoded password in payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.js
payload/platform/plugins/email/mcp/dist/__tests__/email-setup.test.jsView on unpkg · L127Hardcoded password in payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.ts
payload/platform/lib/task-secrets/src/__tests__/redact-secrets.test.tsView on unpkg · L73