registry  /  @zalom/plastic  /  1.1.1

@zalom/plastic@1.1.1

Intent-driven idea development system for AI coding agents

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time execution occurs. An explicit `plastic install` command deploys package-owned AI-agent skills, agents, and Claude hooks that can influence tool and prompt lifecycle behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `npx @zalom/plastic install` or the legacy bare CLI invocation.
Impact
Installed hooks can gate or add context to Claude Code sessions; no exfiltration or remote payload chain was confirmed.
Mechanism
Explicit agent-extension installation and Claude hook registration.
Rationale
Flag as warning because the package explicitly installs persistent AI-agent lifecycle hooks. Source inspection found no concrete malicious behavior or automatic npm lifecycle execution.
Evidence
package.jsonbin/plastic.jsscripts/install.rbscripts/lib/installer_core.rbscripts/lib/hook_registry.rbhooks/hooks.jsonscripts/update.rbscripts/rollback.rb~/.plastic~/.claude/hooks~/.claude/settings.json~/.agents/skills~/.agents/agents~/.hermes/skills~/.hermes/agents

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • Explicit `npx` install copies hooks and merges Claude settings.
  • Hook registry registers PreToolUse and UserPromptSubmit commands.
  • Install targets `~/.claude`, `~/.agents`, and `~/.hermes` extension directories.
Evidence against
  • `package.json` has no npm lifecycle scripts.
  • No credential harvesting or HTTP/network client code found.
  • Entrypoint only dispatches explicit user commands to bundled Ruby scripts.
  • Process calls are for declared git/qmd tools and explicit version switching.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.18 KB of source, external domains: mise.run

Source & flagged code

1 flagged · loading source
scripts/doctor.rbView file
path = scripts/doctor.rb kind = build_helper sizeBytes = 74149 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/doctor.rbView on unpkg

Findings

3 Medium3 Low
MediumEnvironment Vars
MediumShips Build Helperscripts/doctor.rb
MediumStructural Risk Force Deep Review
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings