AI Security Review
scanned 7d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. Residual risk is explicit/user-invoked Claude config seeding and PTY control of Claude sessions with acceptEdits.
Decision evidence
public snapshot- package.json postinstall chmods node-pty prebuild spawn-helper in dependency path
- dist/index.cjs spawns Claude via node-pty with --permission-mode acceptEdits
- dist/seed-claude-config.cjs can write CLAUDE_CONFIG to accept trust/onboarding for /data/.claude/projects
- dist/cli.cjs has user-invoked update path fetching GitHub release assets
- postinstall has no network, payload execution, or AI-agent config mutation
- Claude config mutation is in explicit seed script, not npm install lifecycle
- Update downloads verify manifest sha256/size and require update config or signed webhook secret
- Network endpoints are package-aligned local server, GitHub updater, and localhost pairing
- No credential harvesting or exfiltration flow found
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L101Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg