AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time behavior was found. The package is a GitHub Junior plugin with guarded runtime ability to mint GitHub credentials, inject scoped request headers, and set sandbox git hooks/config when the plugin is activated.
Decision evidence
public snapshot- dist/index.js registers a Junior plugin with GitHub domains, OAuth endpoints, credential grants, and command env for GitHub workflows.
- dist/index.js sandboxPrepare writes a prepare-commit-msg hook under ctx.sandbox.juniorRoot/git-hooks and globally configures core.hooksPath, credential.helper, and http.emptyAuth.
- dist/index.js issues installation/user credential leases that inject Authorization header transforms for api.github.com and github.com.
- dist/index.js exposes tools that create GitHub issues and pull requests via ctx.egress.fetch POST requests.
- package.json has no preinstall/install/postinstall lifecycle scripts and only exports dist/index.js.
- Runtime network targets are package-aligned: api.github.com, github.com OAuth, and optional Sentry session links from SENTRY_DSN/SENTRY_ORG_SLUG.
- No child_process import, eval/vm/Function, native binary loading, destructive filesystem operations, or import-time execution found.
- Credential handling is mediated by Junior plugin APIs and host token slots; raw token values are not written to package files.
- SETUP.md documents expected GitHub App env vars and explicitly says tokens are host-managed rather than stored in sandbox env/files.
Source & flagged code
4 flagged · loading sourcedist/index.js registers a Junior plugin with GitHub domains, OAuth endpoints, credential grants, and command env for GitHub workflows.
dist/index.jsView on unpkgdist/index.js sandboxPrepare writes a prepare-commit-msg hook under ctx.sandbox.juniorRoot/git-hooks and globally configures core.hooksPath, credential.helper, and http.emptyAuth.
dist/index.jsView on unpkgdist/index.js exposes tools that create GitHub issues and pull requests via ctx.egress.fetch POST requests.
dist/index.jsView on unpkgdist/index.js issues installation/user credential leases that inject Authorization header transforms for api.github.com and github.com.
package.jsonView on unpkg