AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code writes package workflows under the package-owned `~/.hermit/.claude/workflow` directory and migrates its own legacy runtime data. No source evidence shows install-time network access, credential exfiltration, remote payload execution, or mutation of broad foreign agent configuration.
Decision evidence
public snapshot- `package.json` runs `bin/postinstall.mjs` on installation.
- `bin/postinstall.mjs` creates `~/.hermit/.claude/workflow` and copies bundled workflow files there.
- Postinstall refreshes marked workflow files and migrates/deletes legacy `~/.hermit/cc-connect` runtime paths.
- `bin/lib/aikey.mjs` can modify `~/.claude` and `~/.codex`, but only through explicit CLI key-claim flow.
- `bin/postinstall.mjs` performs no network requests or child-process execution.
- Workflow seeding skips files without its marker, preserving user-managed files.
- Bundled workflow JS is proposal/read-only oriented and forbids secret reads, execution, and external uploads.
- AI-key configuration mutation is user-invoked; README documents targets, backup, and restore behavior.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/lib/navigationCommand.mjsView on unpkg · L132Package source references weak cryptographic algorithms.
bin/lib/teams.mjsView on unpkg · L70Source writes installer persistence such as shell profile or service configuration.
bin/lib/aikey.mjsView on unpkg · L116A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/lib/auth.mjsView on unpkg · L367Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/lib/update.mjsView on unpkg · L3Package source invokes a package manager install command at runtime.
bin/lib/update.mjsView on unpkg · L62Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1Package ships high-entropy non-source blobs.
dist-renderer/icon.rarView on unpkgPackage ships compressed or archive-like blobs.
dist-renderer/icon.rarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-renderer/icon.rarView on unpkgPackage contains source files above the static scanner size ceiling.
dist-renderer/assets/index-8qKBJj8I.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/hermit.mjsView on unpkg