AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Direct npm installation can mutate the consuming project's `.mcp.json`. The entry registers this package's documentation MCP server for later agent use; no confirmed exfiltration or destructive behavior exists.
Static reason
One or more suspicious static signals were detected.
Trigger
Direct non-CI npm installation from a project directory with `package.json`.
Impact
Adds an AI-agent extension configuration that may be discovered and run later by an MCP-capable coding agent.
Mechanism
Guarded postinstall registration of a package-owned MCP server.
Rationale
This is a concrete install-time mutation of a consumer AI-agent control surface, but it is a guarded first-party package-owned extension setup rather than confirmed malicious behavior. Per policy, it warrants a warning rather than a block.
Evidence
package.jsonbin/postinstall.mjsbin/mcp-config.mjsbin/mcp.mjsbin/cli.mjs.mcp.json
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `bin/postinstall.mjs` on installation.
- `bin/postinstall.mjs` writes the consumer project's `.mcp.json` outside CI and only for direct project installs.
- `bin/mcp-config.mjs` adds `spawn-design-system` with `npx -y @spawn-llc/design-system mcp`.
Evidence against
- Postinstall skips CI, self-installs, and nested/transitive installs.
- MCP server tools in `bin/mcp.mjs` are declared read-only and serve package documentation over stdio.
- No credential harvesting, shell execution, remote payload loading, native binaries, or hidden network endpoint was found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node bin/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node bin/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings