AI Security Review
scanned 5d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface: the package is a local knowledge-vault CLI/MCP integration that intentionally registers hooks and MCP servers when invoked. It does have broad AI-agent extension lifecycle behavior, but it is user-command setup and package-aligned.
Decision evidence
public snapshot- The CLI registers Alexandria hooks/MCP into multiple AI-agent configs when users run `ale init`, `ale agents`, or `ale doctor`.
- `dist/hooks/on-prompt.js` captures user prompts into the local vault and injects local search context into Claude Code prompt flow.
- `dist/hooks/on-stop.js` reads Claude transcript paths provided by hook input and saves session summaries locally.
- `dist/cli.js` can run `npx --yes skills add ... --yes` from explicit `ale skills` recommendations.
- `package.json` has no preinstall/install/postinstall hooks; only `prepublishOnly` build script.
- Agent config writes are explicit CLI commands matching README-described purpose, not install-time mutation.
- MCP server tools read/write the configured local vault only; no remote exfiltration endpoint found.
- Network-facing code is a localhost graph viewer at `127.0.0.1` and model dependency loading, package-aligned.
- Child process use is for opening browser, `claude mcp add`, `hermes mcp add`, and explicit skill install commands.
Source & flagged code
2 flagged · loading sourcePackage source references child process execution.
dist/chunk-KHTYRYDR.jsView on unpkg · L7Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L289