AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup persists Alexandria MCP/hook integrations across supported AI-agent configurations. This is an agent-extension lifecycle surface, not install-time execution.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `ale init`, `ale agents`, or `ale skills`.
Impact
Future configured agent sessions can invoke Alexandria hooks/MCP and receive its local-vault context.
Mechanism
Writes agent configuration/hooks and optionally installs recommended skills via `npx`.
Rationale
No malicious install-time or covert attack behavior was found. Flag as warn because explicit setup creates persistent AI-agent hooks/configuration and can install third-party skills at runtime.
Evidence
package.jsondist/cli.jsdist/chunk-IQM5S5N4.jsdist/hooks/on-prompt.jsdist/hooks/on-session-start.jsdist/hooks/on-stop.jsdist/chunk-UTXUGXDB.js.claude/settings.json.mcp.jsonCLAUDE.md~/.claude/settings.json~/.claude/CLAUDE.md.claude/skills
Network endpoints1
127.0.0.1
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/cli.js` `ale init` explicitly registers persistent hooks, MCP servers, and a CLAUDE.md instruction block.
- `dist/chunk-IQM5S5N4.js` writes Claude hooks and MCP configuration; the hooks run Node scripts on future agent events.
- `dist/cli.js` supports multiple agent configs and can invoke `npx skills add` from the explicit `ale skills` command.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepublishOnly` is publisher-side.
- All config and hook mutations are reached through explicit CLI commands, chiefly `ale init`, `ale agents`, and `ale skills`.
- `dist/chunk-UTXUGXDB.js` serves only `http://127.0.0.1` for the local graph viewer.
- No source evidence of credential harvesting, data exfiltration, remote payload evaluation, or destructive filesystem behavior.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-UTXUGXDB.jsView file
9import path from "path";
L10: import { spawn } from "child_process";
L11: function buildGraphData(idx) {
High
Child Process
Package source references child process execution.
dist/chunk-UTXUGXDB.jsView on unpkg · L9dist/cli.jsView file
125try {
L126: execFileSync("npx", ["--yes", "skills", "add", rec.skill, "--yes"], {
L127: stdio: "pipe",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L125Findings
3 High2 Medium4 Low
HighChild Processdist/chunk-UTXUGXDB.js
HighShell
HighRuntime Package Installdist/cli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings