AI Security Review
scanned 32m ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a shared codegen library for MCP hosts; suspicious primitives are guarded lifecycle/dev tooling or user-invoked generators.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install, importing ./codegen, or explicit downstream generator/runtime use
Impact
Install in the published package does not execute build/husky paths; runtime helpers may read local env files and generate project files only when called by consumers.
Mechanism
guarded dev lifecycle scripts and user-invoked MCP code generation/runtime helpers
Rationale
Static inspection found install-time scripts, env handling, local HTTP runtime templates, and file-writing codegen helpers, but they are package-aligned and either guarded to a dev checkout absent from the tarball or activated by explicit consumer codegen/runtime use. No exfiltration, remote payload loading, stealth persistence, destructive behavior, or unconsented AI-agent control-surface mutation was found.
Evidence
package.jsonscripts/npm-prepare.mjsscripts/npm-postinstall.mjsout/codegen/index.jsout/codegen/project-bootstrap.jsout/codegen/auth-stub-bootstrap.jsout/codegen/templates/mcp-host-shared.template.jsout/codegen/templates/http-runtime.template.jsout/codegen/templates/oauth-http-runtime.template.jssrc/codegen/index.tsnode_modules/husky/bin.js.env.env.localsrc/hooks/<product>/<module>/*.tsgenerated/<product>/mcp-build-generated-at.ts
Network endpoints5
github.com/annettedorothea/core2aigithub.com/annettedorothea/api2aigithub.com/annettedorothea/db2ai127.0.0.1:<port>/mcp<listenHost>:<port>/mcp
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall and prepare lifecycle scripts.
- scripts/npm-prepare.mjs and scripts/npm-postinstall.mjs import child_process.execSync.
- out/codegen/* exports MCP host/codegen helpers that can write generated files and read .env/.env.local when invoked.
- out/codegen/templates/* can generate local HTTP/OAuth MCP runtimes.
Evidence against
- Published package has no src/ directory, so both lifecycle scripts' dev-checkout guards are false in this tarball.
- No fetch/axios/undici or remote network client code found; HTTP references are local server/runtime templates or README GitHub links.
- No credential harvesting or exfiltration path found; credential/env handling is passed into generated MCP hosts for user-invoked runtime behavior.
- File writes are explicit codegen/bootstrap outputs under caller-provided project paths, not install/import-time mutation.
- No broad AI-agent config writes such as Cursor/Claude/Codex settings mutation were found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/npm[redacted]
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings