AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package offers powerful MCP development tools and an explicit first-party Hermes skill installer. No install-time execution or confirmed covert attack surface is established.
Decision evidence
public snapshot- `dist/bin/mcp-server.js` explicitly copies `skills/thoughtflow-mcp/SKILL.md` to `~/.hermes/skills/thoughtflow-mcp/SKILL.md` for `install-skill`.
- `dist/tools/workspace/terminal-run.tool.js` exposes shell execution through an MCP tool.
- `dist/tools/workspace/http-request.tool.js` can make user-specified HTTP requests.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Skill installation occurs only when the user invokes `thoughtflow-mcp install-skill`.
- The copied skill is package-owned and targets only `thoughtflow-mcp`, not a foreign or broad agent control surface.
- `dist/tools/neural/neural-review.tool.js` detects `eval` text in reviewed code; it does not evaluate code.
- `dist/tools/database/db-index-suggest.tool.js` uses static imports and local source scanning, not dynamic loading.
- No covert credential harvesting, exfiltration, remote payload execution, or destructive import-time behavior was found.
Source & flagged code
4 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/tools/neural/neural-review.tool.jsView on unpkg · L115Package source references dynamic require/import behavior.
dist/tools/database/db-index-suggest.tool.jsView on unpkg · L36Package source references weak cryptographic algorithms.
dist/tools/quality/quality-duplication.tool.jsView on unpkg · L53This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/bin/mcp-server.jsView on unpkg