AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time agent control hijack was confirmed. The risky surface is explicit user-invoked Claude MCP setup plus telemetry and broad MCP filesystem/shell tools.
Decision evidence
public snapshot- dist/setup-claude-server.js explicit setup command writes Claude Desktop MCP config and restarts Claude.
- dist/setup-claude-server.js and dist/track-installation.js send install/setup telemetry to telemetry.desktopcommander.app with environment/install context.
- package.json metadata/bin setup references desktop-commander but setup config installs @wonderwhy-er/desktop-commander, not @tokor/desktop-commander.
- package.json postinstall only runs dist/npm-scripts/verify-ripgrep.js and ignores failure.
- dist/npm-scripts/verify-ripgrep.js only resolves ripgrep path and prints warnings; no config writes or network.
- dist/index.js setup/remove/remote actions are argument-gated; normal import starts MCP server.
- dist/utils/capture.js supports telemetry opt-out via config and DESKTOP_COMMANDER_DISABLE_TELEMETRY.
- Shell/file/process capabilities are MCP server features aligned with package description.
Source & flagged code
5 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/ui/config-editor/config-editor-runtime.jsView on unpkg · L25Package source references dynamic require/import behavior.
dist/tools/fuzzySearch.jsView on unpkg · L14Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/track-installation.jsView on unpkg · L14