AI Security Review
scanned 49m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit installation modifies supported AI-agent configuration surfaces. It installs Plastic-branded skills/agents and, for Claude, hook commands that run Plastic scripts during agent events.
Static reason
No blocking static signals were detected.
Trigger
User runs `plastic install` or an update/reinstall command.
Impact
Persistent agent behavior changes in `~/.agents` and/or `~/.claude`; no unconsented npm install-time mutation was found.
Mechanism
First-party AI-agent extension and hook provisioning.
Rationale
The package is not concretely malicious, but it intentionally persists AI-agent extensions and Claude hooks after an explicit install command. Per policy, this first-party agent-extension setup warrants a warning rather than a block.
Evidence
package.jsonbin/plastic.jsscripts/install.rbscripts/update.rbscripts/lib/installer_core.rbscripts/lib/hook_registry.rbhooks/hooks.jsonhooks/check-updatescripts/lib/feedback_report.rb
Network endpoints1
github.com/zalom/plastic/issues/new
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `scripts/lib/installer_core.rb` installs skills and agent prompts into `~/.agents` for Codex after explicit CLI use.
- The same installer writes Claude hook executables and merges commands into `~/.claude/settings.json`.
- `hooks/hooks.json` registers lifecycle hooks for prompts and tool use when installed for Claude.
- `scripts/update.rb` and `hooks/check-update` invoke npm metadata checks for updates.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/plastic.js` only runs after a user invokes the `plastic` binary.
- No credential harvesting, data exfiltration, remote payload loading, eval, or shell-string execution was confirmed.
- `scripts/lib/feedback_report.rb` redacts content and only creates a user-submitted GitHub issue URL.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcescripts/doctor.rbView file
•path = scripts/doctor.rb
kind = build_helper
sizeBytes = 76226
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/doctor.rbView on unpkgFindings
3 Medium3 Low
MediumEnvironment Vars
MediumShips Build Helperscripts/doctor.rb
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings