AI Security Review
scanned 7d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malicious behavior was confirmed. The package is an AI-agent platform extension installer with broad user-invoked writes to Claude/Codex/Cursor/OpenCode/Gemini control surfaces and optional MCP/hooks/Telegram capabilities.
Decision evidence
public snapshot- User-invoked install copies agents/skills/hooks into AI runtimes and registers hooks in project settings via scripts/instalador.js and scripts/lib/hooks-settings.js.
- Codex/Cursor transformers can write AGENTS.md, hooks.json, .cursor/mcp.json, and ~/.codex/config.toml when install targets those runtimes.
- Hooks include blocking PreToolUse and broad PostToolUse/Stop/UserPromptSubmit behavior from manifiestos/hooks-config.json.
- Optional Telegram flow writes ~/.claude/notifications/.env and global notification hooks after explicit opt-in.
- package.json postinstall only echoes installation instructions; no lifecycle code executes installer or mutates agent config.
- CLI dispatch in bin/swl-ses.js requires explicit commands such as install/init/update before writes occur.
- MCP registration is gated by --with-mcp and Telegram credentials by interactive/headless opt-in.
- Network use found is package-aligned: Telegram notifications, npm version checks, GitHub/registry tooling, webhook server; no credential harvesting/exfiltration path confirmed.
- Secret scanner finding is detection regex source in hooks/escaneo-secretos.js, not an embedded secret.
Source & flagged code
19 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
hooks/escaneo-secretos.jsView on unpkg · L65AWS access key ID in hooks/escaneo-secretos.js
hooks/escaneo-secretos.jsView on unpkg · L65RSA private key in hooks/escaneo-secretos.js
hooks/escaneo-secretos.jsView on unpkg · L78OpenSSH private key in hooks/escaneo-secretos.js
hooks/escaneo-secretos.jsView on unpkg · L78Package source references child process execution.
habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L36Package source references dynamic require/import behavior.
habilidades/changelog-generator/scripts/parse-commits.jsView on unpkg · L26Package source references weak cryptographic algorithms.
hooks/lib/sync-status.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
scripts/lib/autostart-macos.jsView on unpkg · L8Package source invokes a package manager install command at runtime.
hooks/calidad-typescript.jsView on unpkg · L305Package ships non-JavaScript build or shell helper files.
habilidades/validacion-ci-sistema/scripts/validar-sistema.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/calidad-pre-commit.jsView on unpkgHardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L52Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L72Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L131Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L240Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L254Hardcoded password in habilidades/nestjs-experto/recursos/testing-nestjs.md
habilidades/nestjs-experto/recursos/testing-nestjs.mdView on unpkg · L261Hardcoded password in habilidades/gcp-cloud/SKILL.md
habilidades/gcp-cloud/SKILL.mdView on unpkg · L100