Loading npm security reports…
Grok coding agent CLI fork (command: grok-cli; does not replace official grok)
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code writes and symlinks an executable into the shared `~/.grok/bin` directory. Runtime then executes that canonical binary with inherited environment variables. No confirmed network or data-exfiltration behavior appears in reviewed source.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L28Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L28