AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time malicious behavior is established. The real risk is explicit user-command AI agent setup that mutates Claude Code/Cursor configuration and registers a first-party Claude plugin marketplace.
Static reason
No blocking static signals were detected.
Trigger
User runs nexusmind-setup, nexusmind setup, or nexusmind sync-agents.
Impact
MCP server registration, first-party Claude plugin enablement, shell env additions, and optional project agent metadata writes.
Mechanism
explicit MCP/agent configuration and NexusMind API client
Rationale
Source inspection found explicit, documented agent configuration writes but no npm lifecycle execution, credential harvesting beyond the configured API key, or concrete exfiltration/remote payload chain. Per policy this should warn for first-party/explicit agent extension setup rather than block.
Evidence
package.jsondist/index.jsdist/client.jsdist/setup.jsdist/sync-agents.jsREADME.md~/.claude.json~/.claude/settings.json~/.cursor/mcp.json.cursor/mcp.json~/.zshrc~/.bashrc.nexusmind-agents.jsonCLAUDE.md
Network endpoints3
${NEXUSMIND_BASE_URL}localhost:8080github.com/smart-coder-labs/nexusmind-claude-plugin
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- dist/setup.js registers a Claude Code plugin marketplace entry for smart-coder-labs/nexusmind-claude-plugin during explicit setup.
- dist/setup.js writes Claude/Cursor config and shell env vars when setup is invoked.
- dist/sync-agents.js can update CLAUDE.md and write .nexusmind-agents.json from API data on explicit sync-agents command.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts.
- dist/client.js uses NEXUSMIND_BASE_URL and NEXUSMIND_API_KEY for package-aligned API calls.
- No child_process, eval/vm/Function, native binary loading, or hidden remote code execution found.
- Config writes are documented and bounded to NexusMind MCP/agent setup.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/setup.jsView file
13import * as readline from 'node:readline/promises';
L14: import { stdin as input, stdout as output } from 'node:process';
L15: // ── Paths ─────────────────────────────────────────────────────────────────────
L16: const HOME = homedir();
L17: const CLAUDE_JSON_PATH = join(HOME, '.claude.json');
...
L43: try {
L44: return JSON.parse(readFileSync(path, 'utf8'));
L45: }
...
L64: function writeShellEnv(apiKey, baseUrl) {
L65: for (const rc of [join(HOME, '.zshrc'), join(HOME, '.bashrc')]) {
L66: if (!existsSync(rc))
...
L156: // API key + URL
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/setup.jsView on unpkg · L13Findings
3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/setup.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License