AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This package is an explicit installer for a first-party token_optimizer MCP server and agent plugins. It mutates multiple AI-agent config surfaces and installs default-on instructions, but only after the user runs its bin command.
Decision evidence
public snapshot- bin/token-optimizer.js exposes only user-invoked install/config/defaults commands; no package.json lifecycle hook.
- lib/install-core.js writes MCP/plugin config for Claude, Codex, Gemini/Antigravity, OpenCode, and Cursor under user home.
- lib/install-core.js appends default-on agent instructions telling clients to use token_optimizer tools.
- assets/plugin/*/server/start.js runs npm install into a plugin-owned .data cache on first MCP server launch.
- assets/plugin/*/server/runner.js exposes MCP tools that execute shell commands in caller-supplied workspaces.
- assets/plugin/*/server/analytics.js can share sanitized analytics to configured LLM gateway when token env is present.
- package.json has no preinstall/install/postinstall scripts, so npm install itself does not mutate agent configs.
- Config mutation is activated by explicit bin command, not import-time or lifecycle execution.
- Network use is package-aligned LLM/gateway traffic via configured env/defaults; no hidden download URL or arbitrary remote payload execution found.
- Runtime npm install uses bundled server/package.json with only @modelcontextprotocol/sdk dependency, not dynamic package names.
- No code found harvesting broad credentials or recursively exfiltrating files; analytics record omits raw content and workspace paths before sharing.
- MCP command execution is exposed as named user-invoked tools rather than automatic persistence/destructive behavior.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
lib/install-core.jsView on unpkg · L3Source writes installer persistence such as shell profile or service configuration.
lib/install-core.jsView on unpkg · L3Package source invokes a package manager install command at runtime.
assets/plugin/cursor/server/start.jsView on unpkg · L46Package ships non-JavaScript build or shell helper files.
assets/plugin/cursor/server/start.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
assets/plugin/antigravity/server/start.jsView on unpkg