AI Security Review
scanned 7d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package includes user-invoked Sanity MCP and agent-skill setup that can mutate AI editor configuration. This is a guarded first-party integration path rather than install-time hijacking or malware.
Decision evidence
public snapshot- dist/actions/mcp/writeMCPConfig.js writes Sanity MCP server entries into detected editor config files
- dist/actions/mcp/editorConfigs.js targets broad AI editor config paths including Codex, Claude Code, Cursor, VS Code, Cline, Gemini CLI, Copilot, OpenCode, Zed
- dist/actions/skills/setupSkills.js can run bundled skills CLI to globally add Sanity skills for selected agents
- dist/services/mcp.js creates/validates Sanity MCP tokens and exposes https://mcp.sanity.io
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin/run.js only checks Node version then invokes oclif CLI
- MCP and skills setup is reached through CLI init/setup flows, prompts or explicit/auto init options, not import/install time
- dist/util/update/updateChecker.js spawns only a local worker to fetch latest package version and cache it
- dist/commands/codemod.js runs npx jscodeshift only when the codemod command is invoked
- No credential harvesting, destructive behavior, remote payload execution, or non-Sanity exfiltration found
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/util/update/updateChecker.jsView on unpkg · L1Package source references shell execution.
dist/util/packageManager/installationInfo/detectGlobals.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/actions/manifest/writeWorkspaceFiles.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/commands/codemod.jsView on unpkg · L118