AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack behavior was found. The notable risk is explicit skuilder studio writing a Claude Code MCP config for a package-owned local course editing server.
Decision evidence
public snapshot- dist/commands/studio.js writes .mcp.json into process.cwd() during explicit skuilder studio.
- dist/commands/studio.js generates Claude Code MCP config pointing to bundled dist/mcp-server.js with CouchDB env.
- dist/mcp-server.js exposes course editing MCP tools over stdio when launched by an MCP client.
- package.json has no preinstall/install/postinstall hooks; bin only points to dist/cli.js.
- dist/cli.js only initializes logging, reads package.json version, and registers commander subcommands.
- Network use is package-aligned CouchDB/Express/studio localhost or user-provided CouchDB URLs for pack/unpack/import.
- child_process use is explicit studio workflow: open browser, npm run build, npm run build:lib in user course/build dirs.
- No credential harvesting, external exfiltration endpoint, persistence, destructive install-time behavior, or remote payload loader found.
Source & flagged code
5 flagged · loading sourcePackage contains a possible secret pattern.
dist/commands/studio.jsView on unpkg · L379Hardcoded password in dist/commands/studio.js
dist/commands/studio.jsView on unpkg · L409Package source references dynamic require/import behavior.
dist/studio-ui-src/main.tsView on unpkg · L103Hardcoded password in src/commands/studio.ts
src/commands/studio.tsView on unpkg · L498Hardcoded password in src/commands/studio.ts
src/commands/studio.tsView on unpkg · L529