AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time or import-time malicious behavior was found. The notable risk is explicit user-command installation of a first-party agent skill into Claude/Codex skill directories, plus user-invoked map generation and snapshot push behavior.
Decision evidence
public snapshot- dist/commands/skills.js installs bundled dist/skills/snag-map/SKILL.md into ~/.agents/skills and symlinks ~/.claude/skills and ~/.codex/skills
- dist/commands/push.js sends SNAG_API_KEY as Bearer auth on explicit `snag push`
- dist/commands/map.js uses child_process execFile only for git check-ignore
- dist/commands/push.js uses child_process execFile only for git ls-tree/show
- package.json has no preinstall/install/postinstall lifecycle scripts
- dist/bin.js only dispatches explicit CLI argv to runCli
- dist/commands/skills.js runs only via explicit `snag skills install` and avoids clobbering non-symlink user content
- dist/commands/push.js defaults to https://snag.run and blocks remote plaintext HTTP unless explicitly overridden
- dist/commands/map.js writes generated maps under .snag/maps with cwd confinement and symlink guard
- dist/commands/view.js serves local read-only GET routes on 127.0.0.1 and confines map reads to .snag/maps
Source & flagged code
2 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/map.jsView on unpkgPackage source references weak cryptographic algorithms.
dist/commands/map.jsView on unpkg · L1