AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time or import-time attack surface was found. The remaining risk is explicit first-party agent setup that mutates AI-agent hook/plugin surfaces.
Decision evidence
public snapshot- Explicit `wp setup` scaffolds agent hooks into `.claude/settings.json` and `.codex/hooks.json` in `dist/esm/cli/commands/init/scaffolders/agent-hooks/index.js`.
- Setup also patches user Claude settings via `defaultClaudeUserSettingsPath()` and can trust Codex hooks when requested.
- Opt-in telemetry posts setup timing to `https://telemetry.webpresso.dev/v1/setup-tthw` when `WP_TELEMETRY=1` or `WP_INTERNAL=1`.
- `prepare` lifecycle is only `husky`; no preinstall/install/postinstall mutation found in `package.json`.
- `bin/_run.js` delegates to packaged `wp` runtime/built/source entrypoints via `spawn`/`spawnSync`.
- Dangerous command/reverse-shell patterns are deny-list regex validators, not executed payloads.
- Public import `dist/esm/index.js` is a small API export with no filesystem, shell, or network side effects.
- Agent hook/config writes are under explicit `wp setup`, not package install or import.
- Shell execution in `dist/esm/cli/commands/err.js` is user-invoked `wp err <cmd>` passthrough.
- Dynamic import in `dist/esm/config/oxlint/tier-boundaries.js` loads local `package-boundaries.js` for lint rules with fallback constants.
- No credential harvesting or exfiltration logic found in inspected hot files.
- Telemetry is disabled by default except internal/explicit env flags and sends JSON setup payload only.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/_run.jsView on unpkgPackage source references dynamic require/import behavior.
dist/esm/config/oxlint/tier-boundaries.jsView on unpkg · L14Package source references weak cryptographic algorithms.
dist/esm/audit/weakness-mining/index.jsView on unpkg · L6Source matches reverse-shell style process and socket wiring.
dist/esm/hooks/pretool-guard/validators/dangerous-commands.jsView on unpkg · L23