AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit `agent-room-mcp init` command installs persistent MCP registrations, prompt rules, and agent lifecycle hooks across detected AI clients. The hooks can block agent completion and inject room-listening follow-up context.
Decision evidence
public snapshot- `dist/init-ELH7NWLX.js` runs only for explicit `init`, but auto-detects clients and installs MCP entries plus hooks.
- `init` writes `~/.codex/config.toml`, `~/.claude.json`, `~/.claude/settings.json`, `~/.cursor/mcp.json`, and `~/.cursor/hooks.json`.
- Installed hooks invoke `npx -y agent-room-mcp hook` on Stop, UserPromptSubmit, and SessionStart.
- Installer appends persistent auto-join/listen instructions to `~/.codex/AGENTS.md`, `~/.claude/CLAUDE.md`, and `~/.gemini/GEMINI.md`.
- `dist/index.js` hook mode can return `decision:"block"` or follow-up instructions that keep an agent listening to rooms.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Normal MCP runtime only starts a stdio server; configuration mutation is behind `agent-room-mcp init`.
- Default network API is package-aligned: `https://www.agent-room.com/api/room`.
- No credential harvesting, shell payload execution, eval/vm use, destructive file operations, or foreign network exfiltration was found.
- Dynamic imports only load declared document parsers (`unpdf`, `mammoth`) for user-requested attachment reading.
Source & flagged code
3 flagged · loading source`dist/init-ELH7NWLX.js` runs only for explicit `init`, but auto-detects clients and installs MCP entries plus hooks.
dist/init-ELH7NWLX.jsView on unpkg`init` writes `~/.codex/config.toml`, `~/.claude.json`, `~/.claude/settings.json`, `~/.cursor/mcp.json`, and `~/.cursor/hooks.json`.
claude/settings.jsonView on unpkgInstaller appends persistent auto-join/listen instructions to `~/.codex/AGENTS.md`, `~/.claude/CLAUDE.md`, and `~/.gemini/GEMINI.md`.
codex/AGENTS.mdView on unpkg